Authorizations in SAP Security
The basic architecture of SAP Security and Authorizations is a 6-tiered approach:
1. User Master Record: Accounts for users to enable access to the SAP system; primarily used for user administration purposes.
2. Role: Compilation of transactions and permissions that are assigned to one or more user master records; usually includes commonality amongst a job role or job task.
3. Profile: Assigned when a role is generated and added to its corresponding user master record.
4. Authorization Object Class: Logical grouping of authorization objects by business area.
5. Authorization Object: Groupings of 1-10 authorization fields; configuration is performed against authority check statements written in the SAP code.
6. Authorization Field: Least-granular element in which values can be maintained to secure data and information.
Comments