http://wiki.sdn.sap.

com/wiki/display/ABAP/What+are+Authorization+Objects

What are Authorization Objects

Authorization objects are composed of a grouping of fields. The values in these fields will be used in authorization check. There can be a maximum of 10 fields defind on an authorization object. Basically we use this authoirzation objects to check whether the user is having an authoirzation to run perticular transaction. We assign authorization objects to a role with specific ACTVT type. For example a user is authorized only to view, other could be authorized to modify and so on. your basis team to resolve the problem by sending SU53 screen shot. AUTHORITY-CHECK is the statement used in an ABAP Program to perform an authorization check against an authorization obect. This statement will return sy-subrc is 0 if user has required authorization otherwise will return code will be other than Zero. Each return code will have different meaning. Example: 8 - User has to authorization. 12 - Too many parameters etc., IF your userid not attached to specific role than contact

STEP BY STEP TO CREATE AUTHORIZATION OBJECT: STEP1: goto SU21 transaction and create a new Authorization Object Object Name: Z..... Text: ........... ClassL SD (YOUR MODULE) AUTHOR: YOUR ID STEP2: Give authorizatin fields as ACTION - Action of the Authorization Activity - Document Destribution. STEP3: Basis will create a role using transaction PFCG and assign this authorization object to that role. STEP4: Call the AUTHORITY-CHECK Object in your code. AUTHORITY-CHECK OBJECT <authorization object> ID <authority field 1> FIELD <field value 1>. ID <authority field 2> FIELD <field value 2>. IF sy-subrc 0. MESSAGE e000(zzpp) WITH 'No Authorization'. ENDIF.

http://basissap.blogspot.com.br/2008/06/what-is-authorizationauthorization.html

What is authorization, authorization object, authorization profile, role?

Monday, June 16, 20085comments Actions and the access to data are protected by authorization objects in the SAP system. Authorization objects allow complex checks that involve multiple conditions that allow a user to perform an action. The conditions are specified in authorization fields for the authorization objects and are AND linked for the check. Authorization objects and their fields have descriptive and technical names.

An authorization is always associated with exactly one authorization object and contains the value for the fields for the authorization object. An authorization is a permission to perform a certain action in the SAP system. The action is defined on the basis of the values for the individual fields of an authorization object.

A role is primarily a functional description The technical realization of the role, in the form of concrete authorizations is achieved through the authorization profile associated with the role.

What is a composite profile?

A set of profiles which are included under a single profile name is called as a composite profile (SU02)

How can you find missing authorizations? How can you solve?

By running the SU53 transaction. Identify the authorization object where the required filed value is to be given and the do the same thru SU01 or PFCG.