1) Call up the transaction SU03
2) Transaction SU21 - The transaction SU21 provides a similar editing structure as the transaction SU03
Table of authorization objects
Call the transaction SE16N. Enter the table TOBJ into the field Table. You may add further selection options to the selection mask if required. The execution of the data preparation can be started with the key F8.
An overview of all object classes is provided in the table TOBC. Texts for authorization objects are deposited in the table TOBJT.
Authorizations Structure
Ownership
The creation of users belongs to the functions of a SAP-system administrator or to an user administrator. The assignment of authorizations is an incumbency of another person, the authorization administrator. The segregation of these working areas is recommendable for the reduction of security risks. If a user had the right to create new users and assign authorizations, he could then equip himself with a user including all authorizations for the SAP-System and might get unrestricted access to all data this way. This can be prevented by dividing the corresponding working areas.
The maintenance of authorizations can only succeed in close cooperation with the end-user department or lies totally in their responsibility.
Changes to the original authorizations may never occur. As a rule a copy may be taken form a standard authorization that may then be modified.
In the next step we will get an overview of the authorizations that exist within the system.
Overview
As already explained, authorizations are always based
exactly on one authorization object. All authorizations that are based
on the same object need different names. However, authorizations that are
based on different objects can have identical names. The name of an authorization
only has to be clear within one object. That is why many authorizations
exist in the system that all have the
same name. Here, as an example, a few standard authorizations
from SAP with the name F_ANZ are listed, that are based respectively on
varying objects.
Object
Auth. Text
F_AVIK_AVA F_ANZ
Financial Accounting Display Authorization
F_AVIK_BUK F_ANZ
Financial Accounting Display Authorization
F_BKPF_BED F_ANZ
Financial Accounting Display Authorization
F_BKPF_BEK F_ANZ
Financial Accounting Display Authorization
F_BKPF_BES F_ANZ
Financial Accounting Display Authorization
F_BKPF_BLA F_ANZ
Financial Accounting Display Authorization
F_BKPF_BUK F_ANZ
Financial Accounting Display Authorization
F_BKPF_GSB F_ANZ
Financial Accounting Display Authorization
F_BKPF_KOA F_ANZ
Financial Accounting Display Authorization
F_BNKA_BUK F_ANZ
Financial Accounting Display Authorization
An authorization is therefore not identified only through the name, but through the name and the underlying authorization object.
If authorizations were created, then these cannot be utilized right away for the right assignment to the users. The authorizations have to be released first for further use. This procedure is called Activation in SAP®. After the activation procedure, the authorization is available for assignment.
Authorization Object Tcode
Our starting point for the authorization overview is therefore the authorization object. Call up the transaction SU03.
Select an object class per double-click and set the selection on an authorization object. With another double-click you might branch into the corresponding authorization list.
To get to the detail display you have to switch to the transaction SA38/SE38 in a parallel mode. There you have to enter the report RSUSR030 [transaction S_BCE_68001414 or S_BCE_68001417]. Enter the authorization object that is to be reviewed into the selection mask, and generate your selection afterwards via F8.
Authorizations via Table
Select the table USR12 for the transaction SE16N and enter your selection criteria.
Texts for authorizations are located in the table USR13
