Providing
proper access to business users with respect to their responsibility.
Providing permissions with respect to Roles.
- Roles are combination of
transactions, Reports, Menus…
- Profiles are associated with Roles.
- Profiles are combination of
authorization objects.
Authorization:
An
authorization enables you to perform a particular activity in the SAP system,
based on a set of authorization object field values.
Authorization Object:
An
authorization object groups up to ten authorization fields.
Authorization field:
Contains the value that
you defined. It is connected to the data elements stored with the ABAP
Dictionary. S-TCODE S-Programs S-USR-AUTH => Auth.object
- Field
values can be maintained under authorizations.
- Organization
values are used for segregating users as per company codes, plants or
purchasing auth.
- 150
profiles can be included in one Role.
- All standard authorization objects are stores in USOBT or USOBX.
Text Data
- After
installation need to fill the customer tables USOBT_C and USOST_C
SU22/24 -> Maintain authorization objects
for T-codes
SU21 -> Maintain object class
SU20 -> Maintain auth. Fields
SU02 -> Manually create profiles
SU03 -> Manually create auth.