When to create new authorization objects

Former Member · ‎02-10-2012

Hi Experts,

I am learning SAP Security.

I have one question , what is the necessity of creating new authroization field and object , when SAP gives a huge list of objects /fields.

Is there any reason behind like, whenever a customised transaction is created, a new authorization object or filed has to be created?

Regards,

Rekharaj

Former Member · ‎02-10-2012

Hi,

I recommend to use them when a standard SAP object does not provide the functionality that you require.

One example would be where you have a custom transaction with fields or functionality which do not relate to the standard authorisation schema.

On the other side, if you have a development which is related to posting an FI document and is controlled via company code then you can pick from standard.

Former Member · ‎02-10-2012

Thank You Alex

Former Member · ‎02-10-2012

Trick is to find not only a standard authorization object with the same field you are looking for, but an object already assigned to the users with those roles with the same semantic for all it's fields - so that you can simply reuse the existing concept which is also assigned to the sets of users.

Often you will find "base" function modules and classes you can use to do all that work for you. Just call them at the correct location in the code and dont forget to check the return code and react to it.

If you use BAPI APIs to access or process data, then many of them make these same semantically correct checks "out of the box".

Cheers,

Julius