Authorization objects are groups of authorization fields that control a particular activity. Authorization fields are contained within authorization objects. Authorization objects relate to a particular action while authorization fields allow for security administrators to configure specific values in that particular action. An authorization field can be populated with many values. For example a value of “01” in authorization field ACTVT (Activity) gives the user the ability to create while a value of “03” gives the user the ability to display.
Every authorization object must contain at least authorization field, but can contain up to 10 authorization fields. There are almost 1000 different authorization objects. One authorization object can control the same activity in multiple transactions. If you think about it, about 1000 different authorization objects control about 65,000 transactions.
Authorization Object Class
Authorization objects are grouped by authorization object classes. Authorization object classes are typically grouped by function areas (e.g., Human Resources, Financial Accounting, Plant Maintenance). There are about 50 different authorization object classes.
Think of authorizations like so:
Authorization Object Class >Authorization Object > Authorization Field > Authorization values
An authorization can be thought of is an authorization object and its unique combination of fields and values. An authorization object can contain many different types combinations of authorizations.