Show TOC

Assigning Authorization Objects to Object ClassesLocate this document in the navigation structure

Each authorization object must be assigned to an object class when it is created.

Procedure

  1. Start Matintain Authorization Objects (transaction SU21).

    The system displays a list of existing object classes.

    Object classes are organized according to the components of the system.

    Before you can create a new object, you must define the object class for the component in which you are working. The objects are not overwritten when you install new releases.

    You can also define your own object classes. If you do so, select class names that begin with Y or Z to avoid conflicts with SAP names.

  2. Determine if you need to create an object class.

    To create an object class, choose Start of the navigation path Create (Create) Next navigation step Object Class End of the navigation path.

  3. Choose Start of the navigation path Create (Create) Next navigation step Authorization Object End of the navigation path.

    Enter a unique object name and the fields that belong to the object. Object names must begin with the letter Y or Z in accordance with the naming convention for customer-specific objects.

    You can enter up to ten authorization fields in an object definition. You must also enter a description of the object and create documentation for it.

    Ensure that the object definition matches the AUTHORITY-CHECK calls that refer to the object.

    Caution

    Do not change or delete authorization objects defined by SAP. This disables SAP programs that use the objects.

Next Steps

  • When you create or change authorization object classes in Maintain Authorization Objects (transaction SU21), the system displays a dialog box in which you can enter a change request. Release requests for target systems.

  • You can regenerate the profile SAP_ALL after creating an authorization object.