What is Authorization in SAP
The following SAP security training tutorials guides you about what is authorization in SAP. A high authorization should consists the following features such as reliability, Security, Testability, Flexibility and Comprehensibility etc. Authorization enables the SAP system to authorize the users to access the SAP with assigned roles and profiles.
Authorization concepts
It determines the fundamental security of the SAP system where all the security functions are controlled by the authorization concepts. It protects every individual fields so that every user can perform his operation on screen that contains several fields. The users get only access for the individual fields that related to his work, in this way the fields are protected from the unauthorized access. For this authorization objects are defined and assigned to the users.
For single authorization object number of authorizations can be defined and effects the dissimilar combination of field values with one another. Here authorizations are not directly assigned to a users where the authorization updated in profiles.
we maintain profile for user by using transaction code “SU01” in SAP.
Components of Authorizations
The important components of authorizations are as follows.
1. Authorization object: – The objects are created in ABAP and they contain fields to protect from authorization, objects help to prevent the users from unauthorized access.
2. Profiles: – Every user is assigned with certain profile to access the SAP system. SAP systems provide a standard profile for all operations to be performed in SAP for example SAP_ALL (All system authorizations). We can create customized profiles as per organization requirements.
3. Groups: – It defines collections of activities that describe the working areas where the users are assigned to a certain type of group. For example SUPER (User with all authorizations), Training (training participants), etc.
4. Roles: – It describes different types of users in SAP systems based on their roles. We can define various types of roles such as single role, derived role, and composite role.
5. User Master data: – User master record has to be created and maintained in all clients in SAP with authorized profiles and transported from test client to production client.