The authorization protection in the SAP R/3 System is based on authorization objects defined by the system. Using these objects, the user can define authorizations. These authorizations can be grouped in profiles and assigned to individual users.

Authorization objects are represented in the system by particular fields (for example, company code). You define an authorization by specifying the allowed entries for the particular fields in the authorization object (* = all). You assign the authorizations to users by means of authorization profiles.

The following authorization objects are defined for Asset Accounting:

The object "ABAP program flow checks" is provided for the Asset Accounting Information System. You use this object to control whether a user can execute a report. The authorizations A_ALL, A_PROFIL_02 and A_PROFIL_04 are defined for this object. These authorizations consist of an action (executing a report = SUBMIT) and permitted authorization groups. The possible authorization groups correspond roughly to the nodes of standard report selection in Asset Accounting (see Maintain Authorizations in the Implementation Guide).

SAP provides the following standard profiles for Asset Accounting

• Asset Accounting full authorization

• Asset Accounting full authorization (display only)

• Sample profile for the Asset Accounting System Administrator

• Sample profile for the Asset Accountant

• Sample profile for the Asset Accounting clerk

• Sample profile for the buyer for Asset Accounting

• Sample profile for a technician for Asset Accounting

• Sample profile for a warehouse clerk for Asset Accounting

A detailed description of these profiles can be found in the online documentation. There is also a standard profile in Financial Accounting that authorizes posting to the General Ledger asset accounts (account type A).

The authorization checks are carried out for the following activities:

• Maintenance and display of asset classes

• Maintenance and display of asset master records

• Maintenance and display of the values of a fixed asset

• Posting to a fixed asset

• Carrying out periodic processing

• Creating a list using logical database ADA

• Maintenance and display of control data

For asset class maintenance, you assign the authorization for different activities to the user for each individual asset class. For master record maintenance, you can also assign the authorization for certain organizational units (company code, plant, business area). You can protect asset transactions at company code and asset class level depending on the type of transaction.

Control data is divided into two authorization classes:

• Customer data (for example organizational structure)

• Program control data