Authorization Objects and Field Values

An authorization object is what SAP use to assign and enables complez check to determine if the user is allowed to perform certain operations on the system. An authorization object consists of authorization field and it can group up to 10 authorization fields which are checked with an AND relationship. The authorization objects are considered as system elements to be protected and relate to data elements stered with the ABAP dictionary. We can put a single value inside the field or a range of values. The values are called authorizations and the...

Read More

Authorization concept

The authorization concept in SAP involves the provision of users access using a role-based identity management. When the user logs into the system, the SAP applicaton authenticates that user by checking the authorization object assigned to that user. In order to execute a transaction in SAP the user needs to have a series of authorization objects requested for that transaction and pass all the chekc done by the system. All the authorization object are assigned by a combination of roles or composite roles defined for the specific organizational...

Read More

Introduction

Authorization concept for SAP involves the provisioning of SAP access using a role based identity management. When a user logs into the SAP application, the system authenticates that user and performs access controls by checking the authorizations object assigned to that user. All the authorization object are assigned to the user by ROLES created with PFCG. There are several types of ROLES, single, composite and derived. SINGLE ROLE -  contains all the authorization data and the log-on menu structure that consist in all the transactions...

Read More

Transactions - SAP Security

Transaction Code Purpose SU01 To create and maintain the users. SU01D To Display Users SU10 For mass maintenance. SU02 For Manual creation of profiles. SU03 For Manual creation of authorization. SU3 For settingAddress and default parameters. PFCG For maintainingroleusingprofile generator. PFUD For Comparing User master in Dialog. SUPC For generation of Mass profile. SU24 For MaintainingCheckIndicators and for Maintainingtemplates. SU25 For ...

Read More

Tables - SAP Security

Table   Short text AGR_1016   Name of the activity group profile AGR_1016B   Name of the activity group profile AGR_1250   Authorization data for the activity gr AGR_1251   Authorization data for the activity gr AGR_1252   Organizational elements for authorizat AGR_1253   Authorization Data for Activity Group AGR_AGRS   Roles in Composite Roles ...

Read More