The following SAP training tutorials guides you about authorization object and field values. In our previous SAP security tutorials we have learnt about what is authorizations in SAP. Let discuss briefly about SAP authorization objects and field values.
Authorization objects plays an important roles for authorization checks as it determines which access to be assigned to the users. It contains fields and they group up to ten fields for checking the relationships. These object determines as system elements that to be protected and stores in Abap dictionary.
The authorization fields are in the form of single values or range value and this value sets are known as authorizations. You can allow all the values or empty field as a permissible value and system checks these authorization value sets. All the values of authorization objects has to be maintained according to user master record.
For authorization object F_KNA1_BUK requires authorization fields of ACTVT and BUKRS (Company code). To define customer master record the admin has to maintain authorization by assigning F_KNA1_BUK With field activity set to 01 and company code field set to 3129.
From the above the example we can describe as the general authorizations identifies user functions that the object assigned for creating customer master record. The SAP systems checks the user authorizations to create customer master record as user having authorization for specific organizational units.
How the Authorization checks in SAP
When user starts a transaction from menu or enters transaction code in command field , the sap systems verifies with various operations.
- It verifies the transaction code in table whether it is valid or locked.
- It verifies if the user has authorization by checking authorization object S_TCODE.
- It verifies the transaction is assigned to a authorize object or not assigned.
Finally transaction starts if checking operation is successful, or SAP system returns with warning message. for example you don’t have authorization to process the transaction, transaction code doesn’t exists and so on.