Assigning Authorizations

Assigning Authorizations

The R/3 system administrator (or a designated sub-administrator, see Organizing User and Authorization Maintenance) is responsible for assigning authorizations.

By assigning Authorizations, the administrator determines (within the range of possibilities defined by the programmer) which functions a user may execute or which objects he or she may access.

As an administrator, you are responsible for the following:

Maintaining authorizations for each authorization object

An authorization is the combination of permissible values in each authorization field of an authorization object.

Generating authorization profiles

Authorizations are grouped in authorization profiles in such a way that the profiles describe work centers, for example, flight reservation clerk.

The system administrator can create authorization profiles in two ways:

Automatically, based on activity group maintenance (Tools ® Administration, User maintenance ® Activity groups), using the Profile Generator.

Further details on this topic are contained in: Generating Authorization Profiles Automatically with the Profile Generator.

Manually, by choosing Tools ® Administration, User maintenance ® Profiles

For more information, see Creating and Maintaining Authorizations and Profiles Manually.

You can combine profiles and single authorizations to form composite profiles using the manual maintenance tool. Composite profiles are not strictly necessary, but they do make system administration easier.

Assigning authorization profiles to a user master record

You assign one or more authorization profiles (work centers) to a user master record.

When an authorization check takes place, the system compares the values entered by the system administrator in the authorization profile with those required by the program for the user to execute a certain activity.