SAP Authorization Concept

Secure User Access
The SAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.

To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.

SAP Best Practices facilitates the definition of authorization profiles by listing the SAP transactions that are necessary to perform all system activities required for the handling of the respective business scenario. Using the profile generator you can automatically create authorization profiles covering selected system transactions. You can check the function list to get an overview of the transactions used in the different SAP Best Practices scenarios.

All authorization profiles can be adapted according to the necessary requirements and the authorization concept that has to be realized, respectively. Further information on this topic can be found on the SAP Help Portal in the area SAP Netweaver -> Security -> Identity Management.

 
overview graphic
 
Detailed Information
Function List
SAP Help Portal