What is authorization, authorization object, authorization profile, role?

Monday, June 16, 2008

In the SAP system, actions and access to data are protected by authorization
objects. An authorization object allows complex checks in which several
conditions must be met before a user may perform an action. The conditions are
specified in the authorization fields of the authorization object and are
AND-linked for the check. Authorization objects and their fields have descriptive
and technical names.

An authorization is always associated with exactly one authorization
object and contains the values for the fields of that authorization object.
An authorization is a permission to perform a certain action in the SAP
system. The action is defined on the basis of the values for the individual
fields of an authorization object.

A role is primarily a functional description.
The technical realization of the role, in the form of concrete authorizations, is achieved through the authorization profile associated with the role.
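
The AND-linking of fields described above, as an added Python model (not code from the original post and not SAP's implementation): a check passes only when one single authorization of the object covers every checked field, so values are not combined across authorizations. F_BKPF_BUK with fields BUKRS and ACTVT is a standard object; the profile names and company codes are constructed.

```python
# Constructed sample data: profile name -> list of (object, {field: allowed values}).
# An allowed value is a single value, a prefix pattern ending in "*", or a (low, high) range.
PROFILES = {
    "Z_FI_DISPLAY_1000": [("F_BKPF_BUK", {"BUKRS": ["1000"], "ACTVT": ["03"]})],
    "Z_FI_POST_2000": [("F_BKPF_BUK", {"BUKRS": ["2000"], "ACTVT": ["01", "02"]})],
    "Z_FI_DISPLAY_3XXX": [("F_BKPF_BUK", {"BUKRS": [("3000", "3999")], "ACTVT": ["03"]})],
    "Z_FI_ALL": [("F_BKPF_BUK", {"BUKRS": ["*"], "ACTVT": ["*"]})],
}


def value_matches(allowed, value):
    """True if value is covered by any allowed entry of one authorization field."""
    for entry in allowed:
        if isinstance(entry, tuple):  # from-to range, compared as strings
            low, high = entry
            if low <= value <= high:
                return True
        elif entry.endswith("*"):  # "*" alone or a prefix pattern such as "1*"
            if value.startswith(entry[:-1]):
                return True
        elif entry == value:
            return True
    return False


def authority_check(profiles, obj, **required):
    """Succeeds if ONE authorization for obj satisfies ALL required fields (AND).

    Several authorizations for the same object are alternatives (OR); their
    field values are never merged into one combined set.
    """
    for profile in profiles:
        for auth_obj, fields in PROFILES[profile]:
            if auth_obj != obj:
                continue
            if all(value_matches(fields.get(name, []), val)
                   for name, val in required.items()):
                return True
    return False


if __name__ == "__main__":
    user = ["Z_FI_DISPLAY_1000", "Z_FI_POST_2000"]
    # ACTVT 03 = display, 01 = create
    print(authority_check(user, "F_BKPF_BUK", BUKRS="1000", ACTVT="03"))
    print(authority_check(user, "F_BKPF_BUK", BUKRS="2000", ACTVT="01"))
    # "1000" and "01" both occur in the user's profiles, but in different authorizations
    print(authority_check(user, "F_BKPF_BUK", BUKRS="1000", ACTVT="01"))
```
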

What is a composite profile?

A set of profiles included under a single profile name is called a composite profile (SU02).

How can you find missing authorizations? How can you solve them?

By running the SU53 transaction.
Identify the authorization object where the required field value is to be given, and then do the same through SU01 or PFCG.

6 comments

June 17, 2008 at 6:29 AM

Hoi, if you are talking about authorizations, nowadays you should not talk about profiles and composite profiles and old-fashioned transactions like SU02.
Authorizations should be managed at minimum with the Profile Generator tool PFCG, or better by using SAP GRC Access Controls to get rid of any SoD conflict from the very beginning.

February 18, 2009 at 9:01 AM

I agree with Thomas. Maintaining authorizations through transactions is not the best practice these days and thus tools like SAP GRC.

February 19, 2009 at 12:15 AM

During the last months I recognized a (positive) change within the area of authorization concepts.
There are more customers that do understand that ERP (in most cases SAP) authorizations cannot stand alone. Authorizations have to be seen in a holistic scenario. We are then talking about Process Control Management, Identity Management, Risk Management, but also Securing the Networks, Portals...
The HR department is / should be responsible for a kind of "user management".
So nowadays, even SAP authorizations cannot be handled only by some specially trained administrators. The skills needed are much higher than the usage of a handful of transactions.

February 19, 2012 at 11:17 PM

Excellent post. All the three concepts have been explained in a great way and in a very simple language that is easy to understand. All my doubts have been cleared after reading this article. Thanks.

June 17, 2012 at 1:02 AM

Good post and Smart Blog
Thanks for your good information and I hope to subscribe and visit my blog Articles2day.Org and more Selecting the Agency thanks again admin

