The SAP ERP Central Component uses the authorization concept of SAP NetWeaver Application Server ABAP. Therefore, the security recommendations and guidelines for authorizations that are described in the Security Guide for
SAP NetWeaver Application Server
for ABAP
also apply to the SAP ERP Central Component
.
You can use authorizations to restrict the access of users to the system, and thereby protect transactions and programs from unauthorized access.
The
SAP NetWeaver Application Server
authorization concept is based on assigning authorizations to users based on roles. For role maintenance in
SAP NetWeaver Application Server for ABAP
,
use the profile generator (transaction PFCG), and in SAP NetWeaver Application Server
for
Java
, the user management console of the User Management Engine (UME). You can define user-specific menus using roles.
Standard Roles and Standard Authorization Objects
SAP delivers standard roles covering the most frequent business transactions. You can use these roles as a template for your own roles.
For a list of the standard roles and authorization objects used by the subcomponents of SAP ERP Central Component, see the section of this document relevant to each component.
Note
For information about roles and authorizations in Travel Management (FI-TV) see the section Accounting under Financial Accounting.
Note
Before using the roles listed, you may want to check whether the standard roles delivered by SAP meet your requirements.
Authorizations for Customizing Settings
You can use Customizing roles to control access to the configuration of ERP Central Component in the SAP Customizing Implementation Guide (IMG).