03-27-2009 11:19 AM
Hi, May I know the difference between Authorization and Authorization Object? Also explain difference between profile which is there for each Authorization object and role profile.Why we call it, in the same name.
I don't know how right I am in the above questions because I am new to SAP.Kindly help me to find the answer.Thanks in Advance.
03-27-2009 11:47 AM
Hi, May I know the difference between Authorization and Authorization Object? Also explain difference between profile which is there for each Authorization object and role profile.Why we call it, in the same name.
Check the below sap link, you will also get many threads if you search in sdn.
http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/frameset.htm
Regards,
Gowrinadh
Edited by: Julius Bussche on Mar 27, 2009 1:45 PM
Code tags => Quote tags - otherwise the formating is messed up.
03-27-2009 12:23 PM
03-27-2009 11:50 AM
I prefer to look at the authorization object as a template. An authorization, based on an authorization object, has values in its fields.
A profile as seen in the role and the user master holds all authorizations. This profile can be devided in subprofiles to separate multiple authorizations based on the same object.
If you have a role and profile with for example two authoirzations based on S_TABU_DIS:
1 ACTVT 03 and DICBERCLS *
2 ACTVT 01, 02 and DICBERCLS SS
The system creates a separate profile for each one to prevent the values from getting mixed up.
03-30-2009 11:57 AM
Hi Karthika,
The fields in an Auth. object can be given different values based upon the requirement of the users. One set of such values is called an "Authorization".
For example as mentioned in the previous post, for S_TABU_DIS
1. ACTVT -- 03 and DICBERCLS -- * can be treated as one Authorization and
2. ACTVT 02 and DICBERCLS -- S* can be treated as another authorization.
Regards,
03-30-2009 12:10 PM
<copy&paste_removed_by_moderator>
Edited by: Julius Bussche on Mar 30, 2009 1:21 PM
03-30-2009 12:47 PM
Hi,
SAP R/3 started authorizations with Profiles, the Profiles can contain authorization objects and the authorization objects has fields. When you add values to the fields than you have an authorization. In the old days SAP allowed you to nest profiles. Profiles you could add to the user. It was quit a lot of work to set up an authorization concept this way, you even have to scan abap programs or and work with traces.
Luckily SAP created a describing part, the roles and composite roles now provided by transaction PFCG. This way you have input from files when adding a transaction to the menu and don't have to figure out it all yourselves. The describing part is more understandable then the old profile part. But at the end the PFCG creates profiles and those are always needed in the user account.
So, roles and composite roles are the describing part and the technical part are profiles with authorization objects and values gives the authorization.
You should only be taking about roles, the profiles are for the system but sometimes handy to look for troubles. Transaction SU02 let you look into the profiles. You can see there if it is hand made or generated. Generated profiles always come with the role and you can not add it or delete it only by adding or deleting the role or when the validity date expired then the system takes care of it(if you have installed your batch jobs regarding this point all right).
You must see roles as processes in SAP R/3 i.e. sales. You can define more sub processes covering the sales process. Then take the composite role as a job i.e. the person that create sales orders.
So you can define more jobs and have sub processes you can use again for other jobs.
I think you should read the book Authorizations made easy.
have fun
Bye Jan van Roest
04-08-2009 12:48 PM