SAP system is structured in a very complex way, the definition and assignment of all necessary authorizations for all individual users is only possible in theory. In practice, because of the great effort, this cannot be realized. As a result, individual authorizations can be combined to an authorization profile.
On the other hand, several authorization profiles can be combined into composite profiles.
SAP already encloses an extensive number of authorization profiles that cover the needs in many cases. Through this the authorization design of the user masters is decisively simplified. According to the name convention of SAP, the standard profiles also have on the second place of their technical name an underline.
It also has to be observed, that for company copies another sign has to be used, such as a colon or an equal sign. It is always possible to create company specific profiles resulting from new or existing authorizations.
Profiles can exist in different status in the SAP system:
- active or inactive
- maintained (adapted to actual conditions) or left to standard.
The authorizations contained in the profiles result in the authorization extent of the user, who got them assigned to his master record.
The name of the profile does not necessarily say anything about its real possibilities.
When restrictions are to become effective in profiles, the standard profiles will be copied, the concerned standard authorizations deleted from the copy and supplemented by company specific authorizations, as a copy of a profile contains initially all the identical authorizations of the original.
For a better overview, the profiles are classified according to working areas and typical scopes of duties. This way, a user of the vendor accounting can get in addition to his already assigned profiles of the vendor accounting for example, the profile for the data archiving assigned if necessary; another user might get the right for the user administration in addition.
Overview of profiles
With the transaction SU02 you can have the profiles displayed that exist in your system.
For further information we have to go to the Transaction SA38/SE38. There you have to enter the report name RSUSR020 [transaction S_BCE_68001409].
With a composite profile we are only confronted with one additional instance and that is the information, which single profiles are assigned to this composite profile.
It is also possible to carry out a Where-used list.
Table overview
In the table UST10S via transaction SE16N all single profiles with their authorizations are registered.
This table is a transparent table to USR10. Let your entries be additionally sorted after the preparation.
Maintained texts to profiles are deposited in the table USR11.
Overview of composite profiles
We have already discussed composite profiles in the preceding section, concerning the overview with transaction SU02.
You can receive the tabular overview through the transaction SE16N with the table UST10C.
