Assigning Authorizations (SAP Library)

Assigning Authorizations

The R/3 system administrator (or a designated sub-administrator, see Organizing User and Authorization Maintenance) is responsible for assigning authorizations.

By assigning Authorizations, the administrator determines (within the range of possibilities defined by the programmer) which functions a user may execute or which objects he or she may access.

Process flow

As an administrator, you are responsible for the following:

Maintaining authorizations for each authorization object

An authorization is the combination of permissible values in each authorization field of an authorization object.

Generating authorization profiles

Authorizations are grouped in authorization profiles in such a way that the profiles describe work centers, for example, flight reservation clerk.

The system administrator can create authorization profiles:

Automatically using the Profile Generator.

For more information, see Generating Authorization Profiles Automatically with the Profile Generator.

Manually. If needed, an authorization profile can be created manually by choosing Tools ® Administration ® User maintenance ® Profiles

For more information, see Creating and Maintaining Authorizations and Profiles Manually.

You can combine profiles and single authorizations to form composite profiles using the manual maintenance tool. Composite profiles are not strictly necessary, but they do make system administration easier.

Assigning authorization profiles to a user master record

You assign one or more authorization profiles (work centers) to a user master record.

Result

When an authorization check takes place, the system compares the values entered by the system administrator in the authorization profile with those required by the program for the user to execute a certain activity.