
SAP Authorization Objects Concept

Former Member
0 Kudos

Hello Consultants,

I am somewhat confused between authorizations in SAP...

I have a simple scenario.

1. I have a Tcode: PBA7. The program underneath is RPAPRT09.

2. I have created a Z Role and attached this role to my tcode PBA7.

3. I have attached two users: A and B, to this role.

Now, A and B will be able to access this tcode from their R/3.

There is an option in the attributes of the program and the tcode for authorization groups.

I don't understand how that authorization group gives further restrictions.

Recently, an Audit in our company conveyed that our programs are exposed and not secure and we have been advised to give auth groups to programs.

Please let me know how this works.

I have observed a few standard SAP programs and they are not attached with any such auth groups, e.g. PBA7.

Thanking in anticipation.

Rahul.

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Hi Rahul

Sometimes, if users get access to SE38, they execute the program without the TCode, and therefore, to overcome a scenario like this, all the programs are grouped together and given an authorization group.

In your roles, users can be restricted to a specific auth group.

Thanks

Rajdeep

Former Member
0 Kudos

Hi,

Thank you very much for your response.

I do understand the scenario that you are trying to state. That even applies to the usage of the consultants who may have access to SE38.

I now understand the usage of auth groups, but why do we need to mention the auth groups both at program and transaction level?

Thanks,

Rahul.

Former Member
0 Kudos

Hi Rahul

As you mentioned, it's just for securing the system so that no one can misuse it, even if they get access to a tcode like SE38 or SA38.

Thanks

Rajdeep
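
The restriction discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of the start-time check on a report's authorization group, plus the list an auditor would flag. It assumes the standard authorization object S_PROGRAM (fields P_GROUP and P_ACTION), which the thread does not name, that every user can reach SA38/SE38, and it uses constructed, hypothetical program names, groups and user authorizations.

```python
"""Model of the start-time check on a report's authorization group (added example)."""
from fnmatch import fnmatchcase

# Constructed sample data. Program names and groups ZHR/ZFI are hypothetical;
# an empty group mirrors a report with no authorization group in its attributes.
PROGRAMS = {
    "ZHR_APPLICANT_LIST": "ZHR",
    "ZFI_PAYMENT_RUN": "ZFI",
    "ZUTIL_TABLE_DUMP": "",
}

# Constructed S_PROGRAM authorizations per user: (P_GROUP pattern, P_ACTION).
USER_AUTHS = {
    "A": [("ZHR", "SUBMIT")],
    "B": [("Z*", "SUBMIT"), ("ZFI", "BTCSUBMIT")],
    "C": [],
}


def may_submit(user, program):
    """Return True if `user` could start `program` directly (e.g. from SA38)."""
    group = PROGRAMS[program]
    if not group:
        # No group on the program: no S_PROGRAM check happens at all, so
        # anyone who can reach SA38/SE38 can run it.
        return True
    return any(
        action == "SUBMIT" and fnmatchcase(group, pattern)
        for pattern, action in USER_AUTHS.get(user, [])
    )


def unprotected_programs():
    """Programs an audit would flag: no authorization group assigned."""
    return sorted(name for name, group in PROGRAMS.items() if not group)


def exposure_matrix():
    """Map each user to the sorted list of programs they can start directly."""
    return {
        user: sorted(p for p in PROGRAMS if may_submit(user, p))
        for user in USER_AUTHS
    }


if __name__ == "__main__":
    print("Flagged (no auth group):", unprotected_programs())
    for user, programs in exposure_matrix().items():
        print(user, "->", programs)
```

User C holds no S_PROGRAM authorization at all and can still start the ungrouped report, which is the exposure the audit finding in the question describes.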