Hi,

<b>Authorization Object</b> are used to give authority to the user according to the position he or she is holding the organization unit.

Different roles are assigned to the position of the organization unit and these roles in turn are assigned to the task.

In SAP these task are assigned to the transactions .

So the user is given authorization for the particular transaction.

This way user are controlled from using the data which they are not supposed to accesss.

Sometimes the authorizatio is only to read , that mean user can see the data but cannot change.

In some case the user is not eligible to see the data not relevant to his aera . eg. a sales rep in one sales area is not supposed to view the data of another sales area or sales rep.

Even the user might be authorized for a transaction but the usage will be limited to area relevant to his /her work.

The <b>authorization group</b> allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.

The table that contains all authorization objects is TOBJ.

The table that contains all activities is TACT.

The table that contains definition of all authorization groups is TBRG.

TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.

Please also refer to foll links

http://help.sap.com/saphelp_nw04s/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm

http://help.sap.com/saphelp_apo/helpdata/en/35/26b17fafab52b9e10000009b38f974/content.htm

Please reward for the same.

Hi,

<b>Authorization object</b>

Authorization Object are used to give authority to the user according to the position he or she is holding the organization unit.Different roles are assigned to the position of the organization unit and these roles in turn are assigned to the task.In SAP these task are assigned to the transactions .So the user is given authorization for the particular transaction.This way user are controlled from using the data which they are not supposed to accesss.Sometimes the authorizatio is only to read , that mean user can see the data but cannot change.

In some case the user is not eligible to see the data not relevant to his aera . eg. a sales rep in one sales area is not supposed to view the data of another sales area or sales rep.Even the user might be authorized for a transaction but the usage will be limited to area relevant to his /her work.

Authorization object is created in tcode SU21.

<b>Authorization group</b>

An authorization group contains tables and views with the same security requirements.In the Table maintenance dialog, you maintain the same gorup for tables that require similar authorizations.To activate the authorization, you must determine an activity for the authorization group in the authorizaton objects S_TABU_DIS & may be S_TABU_CLI. The link between the Auth group & auth Obj is in table TBRG.You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the

relevant group assignments. For this case, we deliver tables with predefined assignments to authorization roups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.You can assign a table to authorization group Z000.(Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object

S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).

Check these links too..

http://help.sap.com/saphelp_crm50/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/frameset.htm

http://www.sap4.com/contentid-39.html

<b>Reward if helpful</b>

Rgds,

Shakuntala

Gopal,

Yes the assigning is correct. An authorization object contains the authorization for a particular transaction (eg: VA01, VA02, etc). A profile is a collection of many such objects. This profile can either be attached directly to the user, or can be attached to a role which is attached to a user.

Hope this helps.

Sudha

hi gopal,

tell me ur id i send u a PPT file fordocumentations.

chetan vishnoi