Show TOC

Authorizations for Master DataLocate this document in the navigation structure


In order to be able to change or display master data, authorization checks are possible.

You are able to define how authorization assignments and checks are to take place by characteristic, either:

  • By characteristic or
  • By characteristic value.

Two authorization objects exist for this:

  • With authorization object S_RS_IOMAD a blanket authorization check takes place for a characteristic
  • With authorization object S_TABU_LIN (from the SAP Application Server) an authorization check takes place by characteristic value.

With authorization checks by characteristic value, the system generates an organization criterion for the characteristic. The organization criterion generates a connection between table key fields and the authorization fields for the authorization object S_TABU_LIN.

Using authorization object S_TABU_LIN you are able to enter characteristic values in each key field of the master data table for which the user is to have authorization. Do this in the profile generator in role maintenance.In this way you are able to use authorizations to protect the maintenance and display of master data/ texts for this characteristic at single record level.

Characteristic values for which the user has no authorization are then not displayed in the input helps either.


To grant authorizations for characteristics, proceed as follows:

In Characteristic Maintenance:

Activate authorization assignment by characteristic value by setting the Master Data Maintenance with Authorization Check indicator in the Master Data/Texts tab page. Activate the characteristic.

SeeTab Page: Master Data/Texts.

In Role Maintenance (Transaction PFCG):

For more extensive documentation about this procedure, seeSetting Up Standard Authorizations.

For blanket authorizations for characteristics, add authorization object S_RS_IOMAD to the role. You will find this authorization object under Business Information Warehouse  → Data Warehousing Workbench - Maintain Master Data.

For authorizations for single characteristic values, add authorization object S_TABU_LIN to the role. You will find this authorization object under Basis Administration    →    Authorization for Organizational Units.


For the characteristic 0COSTCENTER, you can assign authorization to display values 1000 - 1010 to user A , and authorization to display values 2000 - 2010 to user B.