https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433800#M1246662 <HTML><HEAD></HEAD><BODY><PRE><CODE><P>Hi, May I know the difference between Authorization and Authorization Object? Also explain difference between profile which is there for each Authorization object and role profile.Why we call it, in the same name.</P></CODE></PRE><P></P><P>Check the below sap link, you will also get many threads if you search in sdn.</P><P></P><P><A href="http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/frameset.htm" target="test_blank">http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/frameset.htm</A></P><P></P><P>Regards,</P><P>Gowrinadh</P><P></P><P>Edited by: Julius Bussche on Mar 27, 2009 1:45 PM</P><P>Code tags =&gt; Quote tags - otherwise the formating is messed up.</P></BODY></HTML> Fri, 27 Mar 2009 11:47:40 GMT Former Member 2009-03-27T11:47:40Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433799#M1246661 <HTML><HEAD></HEAD><BODY><P>Hi, May I know the difference between Authorization and Authorization Object? Also explain difference between profile which is there for each Authorization object and role profile.Why we call it, in the same name.</P><P></P><P>I don't know how right I am in the above questions because I am new to SAP.Kindly help me to find the answer.Thanks in Advance.</P></BODY></HTML> Fri, 27 Mar 2009 11:19:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433799#M1246661 Former Member 2009-03-27T11:19:46Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433800#M1246662 <HTML><HEAD></HEAD><BODY><PRE><CODE><P>Hi, May I know the difference between Authorization and Authorization Object? Also explain difference between profile which is there for each Authorization object and role profile.Why we call it, in the same name.</P></CODE></PRE><P></P><P>Check the below sap link, you will also get many threads if you search in sdn.</P><P></P><P><A href="http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/frameset.htm" target="test_blank">http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/frameset.htm</A></P><P></P><P>Regards,</P><P>Gowrinadh</P><P></P><P>Edited by: Julius Bussche on Mar 27, 2009 1:45 PM</P><P>Code tags =&gt; Quote tags - otherwise the formating is messed up.</P></BODY></HTML> Fri, 27 Mar 2009 11:47:40 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433800#M1246662 Former Member 2009-03-27T11:47:40Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433801#M1246663 <HTML><HEAD></HEAD><BODY><P>I prefer to look at the authorization object as a template. An authorization, based on an authorization object, has values in its fields.</P><P></P><P>A profile as seen in the role and the user master holds all authorizations. This profile can be devided in subprofiles to separate multiple authorizations based on the same object.</P><P></P><P>If you have a role and profile with for example two authoirzations based on S_TABU_DIS:</P><P>1 ACTVT 03 and DICBERCLS *</P><P>2 ACTVT 01, 02 and DICBERCLS SS</P><P>The system creates a separate profile for each one to prevent the values from getting mixed up.</P></BODY></HTML> Fri, 27 Mar 2009 11:50:20 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433801#M1246663 jurjen_heeck 2009-03-27T11:50:20Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433802#M1246664 <HTML><HEAD></HEAD><BODY><P>This message was moderated.</P></BODY></HTML> Fri, 27 Mar 2009 12:23:23 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433802#M1246664 Former Member 2009-03-27T12:23:23Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433803#M1246665 <HTML><HEAD></HEAD><BODY><P>Hi Karthika,</P><P></P><P>The fields in an Auth. object can be given different values based upon the requirement of the users. One set of such values is called an "Authorization".</P><P></P><P>For example as mentioned in the previous post, for S_TABU_DIS</P><P>1. ACTVT -- 03 and DICBERCLS -- * can be treated as one Authorization and </P><P>2. ACTVT 02 and DICBERCLS -- S* can be treated as another authorization.</P><P></P><P>Regards,</P></BODY></HTML> Mon, 30 Mar 2009 10:57:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433803#M1246665 Former Member 2009-03-30T10:57:34Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433804#M1246666 <HTML><HEAD></HEAD><BODY><P><STRONG>&lt;copy&amp;paste_removed_by_moderator&gt;</STRONG></P><P></P><P>Edited by: Julius Bussche on Mar 30, 2009 1:21 PM</P></BODY></HTML> Mon, 30 Mar 2009 11:10:40 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433804#M1246666 Former Member 2009-03-30T11:10:40Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433805#M1246667 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>SAP R/3 started authorizations with Profiles, the Profiles can contain authorization objects and the authorization objects has fields. When you add values to the fields than you have an authorization. In the old days SAP allowed you to nest profiles. Profiles you could add to the user. It was quit a lot of work to set up an authorization concept this way, you even have to scan abap programs or and work with traces. </P><P>Luckily SAP created a describing part, the roles and composite roles now provided by transaction PFCG. This way you have input from files when adding a transaction to the menu and don't have to figure out it all yourselves. The describing part is more understandable then the old profile part. But at the end the PFCG creates profiles and those are always needed in the user account. </P><P>So, roles and composite roles are the describing part and the technical part are profiles with authorization objects and values gives the authorization. </P><P></P><P>You should only be taking about roles, the profiles are for the system but sometimes handy to look for troubles. Transaction SU02 let you look into the profiles. You can see there if it is hand made or generated. Generated profiles always come with the role and you can not add it or delete it only by adding or deleting the role or when the validity date expired then the system takes care of it(if you have installed your batch jobs regarding this point all right). </P><P></P><P>You must see roles as processes in SAP R/3 i.e. sales. You can define more sub processes covering the sales process. Then take the composite role as a job i.e. the person that create sales orders. </P><P>So you can define more jobs and have sub processes you can use again for other jobs. </P><P></P><P>I think you should read the book Authorizations made easy. </P><P></P><P>have fun </P><P></P><P>Bye Jan van Roest</P></BODY></HTML> Mon, 30 Mar 2009 11:47:13 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433805#M1246667 Former Member 2009-03-30T11:47:13Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433806#M1246668 <HTML><HEAD></HEAD><BODY><P>I got the required answer.Thanks for a answering the question.</P></BODY></HTML> Wed, 08 Apr 2009 11:48:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-vs-authorization-object/m-p/5433806#M1246668 Former Member 2009-04-08T11:48:16Z