SAP Authorizations What are the advantages of SAP authorizations?

Direkt zum Seiteninhalt
What are the advantages of SAP authorizations?
Authorization object documentation
Today we come to the error analysis with authorizations. The best thing that can happen is the error of the type: "I don't have authorization to do this and that!" (CASE1). Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2). How to proceed? First of all we come to case 1 This case, that someone has no authorization for something, supports the system excellently! The code word is SU53! If a transaction encounters an authorization error, then this error is written to a memory area that can be displayed. For this there is once the transaction SU53 or the menu selection "System/Utilities/Anc authorization check". With this function, the system outputs information showing which authorization objects are missing for the user.

Suggested values are maintained in the transaction SU24 and delivered through the transaction SU22. Read more about the differences between these two transactions. Maintaining suggestion values via the SU24 transaction is useful if you want to reflect your own requirements or if the values provided by SAP do not meet customer requirements (see Tip 37, "Making sense in maintaining suggestion values"). These proposed values form the basis for the role maintenance credentials in the PFCG transaction. As you know, the suggested values provided by SAP are in the transaction SU22, which are delivered during reinstallation or upgrades as well as in support packages or SAP hints. What is the difference between transactions and how are they used correctly?
List of required organisational levels and their value
Another important factor that should be considered in an authorization concept is to use a uniform naming convention because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. In addition, the preset authorization roles of the SAP system should never be overwritten or deleted, but only copies of them should be created, which can then be adapted as desired.

Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values. Authorizations allow users to perform actions within the system.

Authorizations can also be assigned via "Shortcut for SAP systems".

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


This trace data can be used by developers to maintain the permission proposal values in the transaction SU22 (see also Tip 40, "Using the permission trace to determine suggested values for custom developments").

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


With this note, the RSUSR200 and RSUSR002 reports are extended by the selection of different user locks or validity.
Zurück zum Seiteninhalt