Show TOC

GlossaryLocate this document in the navigation structure

Use

The table below lists the authorization elements that you require when preparing a delivery of authorization default data.

Element

Allowed Values

Comment

Authorization

Not applicable

Manifestation of an authorization object, that is, a combination of permissible values for each authorization field of the authorization object. The combination determines the activities with which a user can access certain data.

Authorization Object

Not applicable

An authorization object consists of up to ten authorization fields, which the system checks with an AND linkage. Authorization objects are organized in classes. An object class is a logical combination of authorization objects and corresponds, for example, to an application (financial accounting, Human Resources, and so on). You can use transaction SU21 to edit authorization objects.

Authorization Field

Refer to authorization default value

Smallest unit in an authorization object. An authorization field either represents data, such as a key field in a database table, or activities, such as Read or Create. Activities are specified as abbreviations, which are stored in the database table TACT and, for customer-specific abbreviations, TACTZ.

Authorization default value

  • Any number of single values

  • Value range

  • All values

  • An empty field

Specified value for authorization field.

Authorization default status

  • No

    If the administrator adds the application to a role, the Proifile Generator does not place an authorization in the role.

  • Yes

    If the administrator adds the application to a role, the Proifile Generator places an authorization in the role.

  • Yes, Without Values

    If the administrator adds the application to a role, the Proifile Generator places an empty authorization in the role.

    Note

    Since customers need to define this empty authorization themselves, only choose this status instead of Yes if you are not able to specify any meaningful authorization default values.

If an authorization administrator includes the applicatoin in the menu when creating or changing the role, the Profile Generator checks for each object whether it has an authorization default status. If this is the case, the Profile Generator includes an authorization in the role.

Check indicator

  • Check

    Default check indicator

  • Do not check

    The authorization check for this authorization object is deactivated. The system does not check whether the user has a suitable authorization.

For transactions, you can also control the authorization check with check indicators that are set for each authorization object.

Maintenance mode

  • Empty field (normal maintenance (manual))

  • A (Automatic maintenance of all authorization objects)

    Authorization objects that are newly assigned to the application by the authorization trace automatically receive the status No authorization default values (previously “check”).

  • B (Automatic maintenance of only Basis authorization objects)

    Basis authorization objects that are newly assigned to the application by the authorization trace automatically receive the status No authorization default values (previously “check”).

  • I (irrelevant, application does not require any authorization default values)

    It is not possible or meaningful to deliver authorization default data for the application. You therefore do not need to maintain the authorization default data. This can be the case, for example, for very generic applications, for which the precise business purpose is not determined.

  • O (obsolete)

    The application is obsolete. It is therefore not meaningful to deliver authorization default data for this application and you no longer need to maintain the authorization default data.

The Maintenance Mode indicaltor is a special attribute of an application. You use it to specify how the authorization default data (SU22 data) of the application is maintained.

Maintenance status

  • Maintained (green traffic light): The authorization default data has been maintained.

  • Unmaintained (red traffic light): The authorization data for the application has not been maintained, or there is another priority 1 error. This error occurs, for example, if Default Status has not yet been maintained for one or more authorization objects.

  • Maintaing with Warning (yellow traffic light): Data has been maintained but there was at least one priority 2 error during the check.

The maintenance status of applications shows whether the authorization default data for an application is correctly maintained.