Monday, 18 March 2013

What is SAP Security?


Providing proper access to business users with respect to their responsibility.
  (OR)
Providing permissions with respect to Roles.

  • Roles are combination of transactions, Reports, Menus…
  • Profiles are associated with Roles.
  • Profiles are combination of authorization objects.

Authorization:
         An authorization enables you to perform a particular activity in the SAP system, based on a set of authorization object field values.

Authorization Object:
        An authorization object groups up to ten authorization fields.

Authorization field:
       Contains the value that you defined. It is connected to the data elements stored with the ABAP Dictionary.

 Object Class:  Group of relevant authorization objects.

 
            BC-A, BC-B, BC-C  => Object Class
      S-TCODE     S-Programs    S-USR-AUTH       =>  Auth.object

 
Auth.  Object => collection of auth. Fields <=10

  • Field values can be maintained under authorizations.
  • Organization values are used for segregating users as per company codes, plants or purchasing auth.
  • 150 profiles can be included in one Role.
  • All standard authorization objects are stores in USOBT or USOBX.
                                                                           Text             Data

  • After installation need to fill the customer tables USOBT_C and USOST_C

 
SU22/24         -> Maintain authorization objects for T-codes

SU21               -> Maintain object class

SU20               -> Maintain auth. Fields

SU02               -> Manually create profiles

SU03               ->  Manually create auth.