Object class Object classes have an orange background in the hierarchy display.

Authorization objects are divided into classes for comprehensibility. An object class corresponds e.g. to an application (Financial accounting, etc.) The SAP authorization concept object classes are under Tools Administration User maintenance Authorizations. Authorization objects Authorization objects have a green background in the hierarchy display. You may need several authorizations to perform an operation in the SAP System. The resulting contexts can be complex. The SAP authorization concept, based on authorization objects, has been realized to provide an understandable and simple procedure. Several system elements which are to be protected form an authorization object. An authorization object allows complex tests of an Authorization for multiple conditions. Authorizations allow users to execute actions within the system. An authorization object groups up to ten fields that related by AND. For an authorization check to be successful, all field values of the authorization object must be maintained in the user master. You get the authorization object documentation by double-click on an authorization object. The documentation describes how you maintain the authorization values.

Authorizations Authorizations have a yellow background in the hierarchy display. Authorization fields are light blue and their values are white. An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values. The programmer of a function decides whether, where and how authorizations are to be checked. The program determines whether the user is authorized to perform an activity by comparing the specified authorization object field values in the program with the authorization values in the user master record. T_9092029701 is an authorization for the authorization object F_KNA1_BUK with the following values: * for company code and 01,02 activity Use of an authorization: Specifies permissible authorization object field values. Contents: One or more values for each field. Authorizations allow you to specify any number of values or value ranges for a field. You can also allow all values, or allow an empty field as a permissible value.

Changes: All users with this authorization in their authorization profile are affected. You can maintain authorizations manually with reference to the authorization object documentation or by double-click on a value field in the following dialog box:

Profile User authorizations are not usually assigned directly to user master records, but grouped together in authorization profiles. Authorizations can be collected in authorization profiles to reduce the maintenance effort which would be required to enter individual authorizations in the user master record. Access authorization changes affect all users with the profile in their master record. You can create profiles manually, but you should use the Profile generator. Use: Specifies authorizations in user master records Contents: Specific access rights, identified by an object name and a corresponding authorization name. Changes only take effect when the user next logs on. Users who are logged on when the change takes place are not affected in their current session. In the example, T_58000097 is an authorization profile containing

company code authorizations. User Master Record These enable the user to log onto the SAP System and allow access to the functions and objects in it within the limits of the specified authorization profiles. Changes only take effect when the user next logs on. Users who are logged on when the change takes place are not affected in their current session. In the example a user whose user master record contains the profile T_58000097 can perform the activities in the profile authorizations.