Authorization Concept In SAP

The SAP authorization concept is based upon the logical relationship between a User ID and the range of system authorizations with which it can be associated.

The architecture of the authorization system is based upon the utilization of several individual but related logical components: Profiles, Objects, Fields, and Authorizations.

The user ID refers exclusively to profiles. Each profile grants a set of specific system access authorizations to the user.

The hierarchical authorization concept in SAP.

Composite Profiles

Composite profiles refer to the various employee roles available in the corporation (for instance, Purchasing / Receiving Clerk or Accounts Agent). As the name suggests, composite profiles may contain multiple user IDs necessary to perform all the business operations associated with a particular role. A composite profile may encapsulate one or more other composite profiles.

In practice, a model composite profile should be identified for each possible role in the organization, which may be used to produce hybrid composite profiles. An overabundance of hybrids can defeat the very purpose of composite profiles, so they should be created only when specific needs arise.

User IDs

User IDs allow access to SAP applications. Each user must have a corresponding profile specifically assigned. In many situations, multiple composite profiles can be assigned to a user ID, depending on the role(s) an individual user is responsible for in the business processes.

Authorizations

Authorizations are the key building blocks of SAP security.  Authorization is the process of assigning values to fields present in authorization objects. 

In SAP, access to all system functionality is achieved through a complex array of authorizations.  Sometimes users find that they lack the necessary authorizations to perform a certain function in the system, in which case the message: "You are not authorized..." is displayed at the bottom of the screen. 

An authorization process may ask for a second associated authorization process, which in turn asks for a third, and so on. For example, the task of paying a vendor invoice may require 10 different authorizations.
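
The hierarchy described on this page (user ID, profiles, authorizations, objects, fields), sketched as an added Python example that is not SAP code and not part of the original page. It resolves nested composite profiles and reports which checks of a multi-authorization task a user would fail. All user, profile, object and authorization names are constructed; the "*" wildcard handling and the rule that a single authorization must cover every field are assumptions of this model.

```python
# Simplified model of the hierarchy described above; not SAP code.
# All user, profile, object and authorization names are constructed.

# Authorization = values assigned to the fields of an authorization object.
AUTHORIZATIONS = {
    "Z_AUTH_DOC_1000": ("Z_DOC", {"BUKRS": {"1000"}, "ACTVT": {"01", "03"}}),
    "Z_AUTH_VENDOR_ALL": ("Z_VENDOR", {"BUKRS": {"*"}, "ACTVT": {"03"}}),
}
# Simple profiles list authorizations; composite profiles list other profiles.
PROFILES = {"Z_P_DOC": ["Z_AUTH_DOC_1000"], "Z_P_VENDOR": ["Z_AUTH_VENDOR_ALL"]}
COMPOSITES = {"Z_C_AP_CLERK": ["Z_P_DOC", "Z_C_DISPLAY"],
              "Z_C_DISPLAY": ["Z_P_VENDOR"]}
USERS = {"JDOE": ["Z_C_AP_CLERK"], "ASMITH": ["Z_P_VENDOR"]}


def resolve(user):
    """Flatten a user's profiles (composites may nest) into authorizations."""
    found, seen, stack = [], set(), list(USERS.get(user, []))
    while stack:
        name = stack.pop()
        if name in seen:  # guard against composites that reference each other
            continue
        seen.add(name)
        stack.extend(COMPOSITES.get(name, []))
        found.extend(AUTHORIZATIONS[a] for a in PROFILES.get(name, []))
    return found


def check(user, obj, **fields):
    """True if a single authorization for obj covers every requested value."""
    for auth_obj, values in resolve(user):
        if auth_obj == obj and all(
            "*" in values.get(f, ()) or v in values.get(f, ())
            for f, v in fields.items()
        ):
            return True
    return False


def missing_checks(user, required):
    """Return the checks of a multi-authorization task that the user fails."""
    return [(obj, f) for obj, f in required if not check(user, obj, **f)]


# Constructed task: both checks must pass before the payment is allowed.
PAY_INVOICE = [("Z_DOC", {"BUKRS": "1000", "ACTVT": "01"}),
               ("Z_VENDOR", {"BUKRS": "1000", "ACTVT": "03"})]
```

Calling `missing_checks("ASMITH", PAY_INVOICE)` returns the one failed check, which is the kind of gap that surfaces to the user as the "You are not authorized..." message.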

All the site contents are Copyright © www.erpgreat.com and the content authors. All rights reserved.
All product names are trademarks of their respective companies. The site www.erpgreat.com is in no way affiliated with SAP AG.
Every effort is made to ensure the content integrity. Information used on this site is at your own risk.
The content on this site may not be reproduced or redistributed without the express written permission of www.erpgreat.com or the content authors.