Hi ,

in SU21 u will creat Autho.Objects on the required Fields , and activity as well ,

ex.

Au.Object for Comany COde .

Z_BUKRS_XXXX

fields ->BUKRS

-->Activity.

and u will add this authorization Objects in the User Profiles , with values.

Regards

Prabhu

Hi Ratan,

You can try the following links for that.

http://www.thespot4sap.com/Articles/SAP_BC_Authorization_Concept.asp

and also SAP online help.

Authorization objects.

http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm

Role administration.

http://help.sap.com/saphelp_nw70/helpdata/en/52/6714a9439b11d1896f0000e8322d00/content.htm

hi

good

Check the below link.

http://help.sap.com/saphelp_45b/helpdata/en/c4/3a7f6d505211d189550000e829fbbd/content.htm

Thanks

mrutyun^

Hi Ratan,

Creating Authorization Roles

Use

You can create a new authorization role in the SAP system with the Create/Convert Role function.

Prerequisites

To monitor and maintain the data transferred from the portal to the SAP system you need role administration authorization (see Authorizations).

Procedure To create a new authorization role:

... 1. Start transaction WP3R.

The initial screen for role administration, Follow-Up Processes for Portal Roles, appears.

2. On the initial screen, select Maintain Authorization Roles and run the program.

A report is displayed containing all portal roles and the authorization roles associated with them. Roles transferred from the portal are highlighted in blue. The warning icon allows you to identify that there are no authorization roles for these roles.

If a role is highlighted in red, it has been deleted in the portal.

3. To find out which services there are for a role, expand the structure of the relevant role, select a logical system, and choose Goto ® Service list or .

If SAP Enterprise Portal has transferred services that are not supported in the current system, these are displayed in a separate section of the service list and ignored when the services are transferred to the authorization role.

4. To close the window with the service list, choose Continue.

5. Click the logical system and choose Authorization role ® Create/Convert or choose the icon next to the logical system.

The system asks for the name of the new role. If you enter a name for which there is no role to date, the system creates a new one. You can also create more than one authorization role per logical system, depending on how many authorization versions you require.

If you enter the name of an existing role, the system informs you that you can convert this role to an authorization role. The conversion can only take place if you enter the name of a root single role (not a derived role or a composite role).

When converting an existing role to an authorization role, the system assumes that the structure of the role is defined forthwith through the enterprise portal and role assignment is only assigned through the enterprise portal. During conversion, a dialog box points out the consequences.

The services of the portal role are immediately transferred to the menu structure of the new role. You can also use the Create/Convert function for authorization roles. It can be used to create derived authorization roles.

A warning is given if no authorization roles were yet created for the services of a portal role for a logical system.

You Can follow the below links it would be halpfull for you

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a...

http://help.sap.com/saphelp_nw04/helpdata/en/c1/db3fc2fd3111d5997a00508b6b8b11/frameset.htm