Skip to Content
author's profile photo Former Member
Former Member

SAP Authorization Objects Concept

Hello Consultants,

I am somewhat confused between authorizations in SAP...

I have a simple scenario.

1. I have a Tcode: PBA7. The program underneath is RPAPRT09.

2. I have created a Z Role and attached this role to my tcode PBA7.

3. I have attached two users: A and B, to this role.

Now, A and B will be able to access this tcode from their R/3.

There is an option in the attributes of the program and the tcode for authorization groups.

I don't understand how does that authorization group give further restrictions.

Recently, an Audit in our company conveyed that our programs are exposed and not secure and we have been advised to give auth groups to programs.

Please let me know how does this work?

I have observed a few standard SAP programs and they are not attached with any such auth groups. eg. PBA7.

Thanking in anticipation.


Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Jul 15, 2011 at 05:34 PM

    Hi Rahul

    Sometimes if user get access to se38 they execute the program without TCode and therefore

    to overcome scenario like this all the program and grouped together and given an authorization group.

    In your roles user can be rectricted to specific Auth group.



    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.