Authorization concept in SAP system and Profile


SAP System Authorization Concept deals with protecting the SAP system from running transactions and programs from unauthorized access. You shouldn’t allow users to execute transactions and programs in SAP system until they have defined authorization for this activity.

To make your system more secure and to implement strong authorization, you need to review your authorization plan to make sure that it meets the security requirement of the company and there are no security violations.

The Transaction Code: SU01 is used for user creation in a SAP system. In the following screen, you can see different User types in a SAP system under the SU01 Transaction.

You can create profile and role for new user using T-code: PFCG
In SAP system, profile is used as an element in the authorization system. It allows user to access the system. For authorization check, system checks on the particular profile which is assigned to user for the proper authorization.
Below shows screen of Role maintenance. In case you want to copy an old role to a new role, you can choose copy as option.
Enter the old role in Role field then press copy as:

If you want a Transaction to add to a role, you can click on Transaction tab and select the Transaction code.

Updated on 30-Jul-2019 22:30:20