SAP Authorization Concept

Secure User Access

The SAP authorization concept was developed to protect transactions, programs, and services in SAP systems from unauthorized access. In the authorization concept, the administrator assigns authorizations to users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.

Because business objects and SAP transactions are protected by authorization, a user requires corresponding authorizations. The authorizations represent instances of generic authorization objects, and are defined by the activity and responsibilities of the employee. Authorizations are combined in an authorization profile, associated with a role. The user administrators then assign the corresponding roles using the user master record, so the user can use the appropriate transactions for his or her tasks.

SAP CRM uses the Business Role concept in the WebClient UI as a central object for controlling the navigation bar, the logical links and the authorizations for users.

SAP Best Practices for CRM facilitates the definition of an authorization concept by providing preconfigured Business Roles with Navigation Bars and Logical Links adapted to the SAP Best Practices scenario scope. In addition predefined PFCG roles tailored to the Business Role scope can be used to automatically create the corresponding authorization profiles.
For details on this topic please see Building Block Configuration Guide CRM WebClient User Interface.

All authorization profiles can be adapted according to the necessary requirements and the authorization concept that has to be realized, respectively. For more information on this topic, see the SAP Help Portal, in the area SAP NetWeaver -> Security -> Identity Management.