What is an authorization object?

Authorization objects are groups of authorization fields that control a particular activity. Authorization fields are contained within authorization objects. Authorization objects relate to a particular action while authorization fields allow for security administrators to configure specific values in that particular action. An authorization field can be populated with many values. For example a value of “01” in authorization field ACTVT (Activity) gives the user the ability to create while a value of “03” gives the user the ability to display.

SU21-Authorization Objects

SU21-Authorization Objects

Every authorization object must contain at least authorization field, but can contain up to 10 authorization fields. There are almost 1000 different authorization objects. One authorization object can control the same activity in multiple transactions. If you think about it, about 1000 different authorization objects control about 65,000 transactions.

Authorization Object Class

Authorization objects are grouped by authorization object classes. Authorization object classes are typically grouped by function areas (e.g., Human Resources, Financial Accounting, Plant Maintenance). There are about 50 different authorization object classes.

SU21-Authorization Objects

SU21-Authorization Objects

Think of authorizations like so:

Authorization Object Class >Authorization Object > Authorization Field > Authorization values

An authorization can be thought of is an authorization object and its  unique combination of fields and values. An authorization object can contain many different types combinations of authorizations.

This entry was posted in Security and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *