Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

When to create new authorization objects

Former Member
0 Kudos
87

Hi Experts,

I am learning SAP Security.

I have one question , what is the necessity of creating new authroization field and object , when SAP gives a huge list of objects /fields.

Is there any reason behind like, whenever a customised transaction is created, a new authorization object or filed has to be created?

Regards,

Rekharaj

3 REPLIES 3

Former Member
0 Kudos
55

Hi,

I recommend to use them when a standard SAP object does not provide the functionality that you require.

One example would be where you have a custom transaction with fields or functionality which do not relate to the standard authorisation schema.

On the other side, if you have a development which is related to posting an FI document and is controlled via company code then you can pick from standard.

0 Kudos
55

Thank You Alex

0 Kudos
55

Trick is to find not only a standard authorization object with the same field you are looking for, but an object already assigned to the users with those roles with the same semantic for all it's fields - so that you can simply reuse the existing concept which is also assigned to the sets of users.

Often you will find "base" function modules and classes you can use to do all that work for you. Just call them at the correct location in the code and dont forget to check the return code and react to it.

If you use BAPI APIs to access or process data, then many of them make these same semantically correct checks "out of the box".

Cheers,

Julius