Authorizations

Use

The SAP ERP Central Component uses the authorization concept of SAP NetWeaver Application Server ABAP. Therefore, the security recommendations and guidelines for authorizations that are described in the Security Guide for SAP NetWeaver Application Server for ABAP also apply to the SAP ERP Central Component . You can use authorizations to restrict the access of users to the system, and thereby protect transactions and programs from unauthorized access.

The SAP NetWeaver Application Server authorization concept is based on assigning authorizations to users based on roles. For role maintenance in SAP NetWeaver Application Server for ABAP , use the profile generator (transaction PFCG), and in SAP NetWeaver Application Server for Java , the user management console of the User Management Engine (UME). You can define user-specific menus using roles.

Note Note

For more information about creating roles, see Role Administration .

End of the note.

Standard Roles and Standard Authorization Objects

SAP delivers standard roles covering the most frequent business transactions. You can use these roles as a template for your own roles.

For a list of the standard roles and authorization objects used by the subcomponents of SAP ERP Central Component, see the section of this document relevant to each component.

Note Note

For information about roles and authorizations in Travel Management (FI-TV) see the section Accounting under Financial Accounting.

End of the note.

Note Note

Before using the roles listed, you may want to check whether the standard roles delivered by SAP meet your requirements.

End of the note.

Authorizations for Customizing Settings

You can use Customizing roles to control access to the configuration of ERP Central Component in the SAP Customizing Implementation Guide (IMG).