What is SAP Security?

Providing proper access to business users with respect to their responsibility.

  (OR)
Providing permissions with respect to Roles.

• Roles are combination of transactions, Reports, Menus…
• Profiles are associated with Roles.
• Profiles are combination of authorization objects.

Authorization:

         An authorization enables you to perform a particular activity in the SAP system, based on a set of authorization object field values.

Authorization Object:

        An authorization object groups up to ten authorization fields.

Authorization field:

       Contains the value that you defined. It is connected to the data elements stored with the ABAP Dictionary.

 Object Class:  Group of relevant authorization objects.

 

            BC-A, BC-B, BC-C  => Object Class
      S-TCODE     S-Programs    S-USR-AUTH       =>  Auth.object

 

Auth.  Object => collection of auth. Fields <=10

• Field values can be maintained under authorizations.
• Organization values are used for segregating users as per company codes, plants or purchasing auth.
• 150 profiles can be included in one Role.
• All standard authorization objects are stores in USOBT or USOBX.

                                                                           Text             Data

• After installation need to fill the customer tables USOBT_C and USOST_C

 

SU22/24         -> Maintain authorization objects for T-codes

SU21               -> Maintain object class

SU20               -> Maintain auth. Fields

SU02               -> Manually create profiles

SU03               ->  Manually create auth.