Beruflich Dokumente
Kultur Dokumente
Ramesh Gurram
2014.02.14
CGI Group Inc. CONFIDENTIAL
Security Architecture:
Authorization Objects Intro
User Master Record
Roles Single, Derived, Composite
Task-based vs. Job-based Roles
Profiles
Authorization Objects
User Buffer
4 Doors to SAP Security
Authorization Objects :
Authorization Objects are the keys to SAP Security
When you attempt actions in SAP, the system checks to see whether
you have the appropriate Authorizations
Groups 1 to 10 authorization fields together. These fields are then
checked simultaneously..
10
Authorization Concept :
11
Roles :
Roles are built on top of Profiles and include additional components
such as: User menus
Personalization
Workflow
12
an independent Role
Derived
Composite
13
14
15
Profiles :
Authorization Objects are stored in Profiles
Profiles are the original SAP Authorization infrastructure
Ultimately a users Authorization comes from the Profile/s that they
have assigned
Profiles are different from Roles
16
User Buffer:
When a User logs into the system, all of the Authorizations that the User
has are loaded into a special place in memory called the User Buffer
17
18
19
20
21
22
23
SU53:
Last Authorization check that failed.
May or may not be the Authorization that the User actually needs. Look
at context clues to determine if it is appropriate.
User may need more Authorization Objects after this one is added.
24
Authorization Trace:
Transaction ST01
Records all Authorization Checks performed while a User is in the
system.
Does not include Structural Authorizations in HR Security.
25
26
Authority Check:
27
28
29
30
31
Thank You
Any Questions???
32