Authorization objects

The following SAP training tutorials guide you about authorization object and field values. In our previous SAP security tutorials, we have learned about what is authorizations in SAP. Let’s discuss briefly SAP authorization objects and field values.

Authorization objects play an important role in authorization checks as it determines which access to be assigned to the users. It contains fields and they group up to ten fields for checking the relationships. This object determines as system elements that are to be protected and stored in Abap dictionary.

The authorization fields are in the form of single values or range values and these value sets are known as authorizations.  You can allow all the values or empty fields as permissible values and the system checks these authorization value sets.  All the values of authorization objects have to be maintained according to user master record.

Example

For authorization object, F_KNA1_BUK requires authorization fields of ACTVT and BUKRS (Company code). To define the customer master record the admin has to maintain authorization by assigning F_KNA1_BUK With field activity set to 01 and company code field set to 3129.

From the above example, we can describe as the general authorizations that identify user functions that the object assigned for creating customer master record. The SAP system checks the user authorizations to create customer master records as users have authorization for specific organizational units.

Authorization Objects and Field Values

How the Authorization checks in SAP

When a user starts a transaction from the menu or enters the transaction code in the command field, the sap systems verify with various operations.

  1. It verifies the transaction code in the table whether it is valid or locked.
  2. It verifies if the user has authorization by checking authorization object S_TCODE.
  3. It verifies whether the transaction is assigned to an authorized object or not assigned.

Finally, the transaction starts if the checking operation is successful, or the SAP system returns with a warning message. for example, you don’t have the authorization to process the transaction, the transaction code doesn’t exist, and so on.