To protect the integrity of the business data in the R/3 System, authorizations must be set up to restrict access to chosen functions, objects, transactions or data.
The authorizations checks are included in the SAP code by the programmers. To execute an operation in the SAP System, several authorizations may be required. The resulting relationships can get very complicated. To ensure ease of understanding and use, the SAP authorization concept was designed based on authorization objects.
For usability and maintenance simplification purposes, authorizations are combined in authorization profiles which will be assigned to the users.
Authorization profiles can be created in 2 ways:
- Manually : this method was used before release 3.1 as it was the only possible one at the time. Its major drawback is that it implies a detailed knowledge of all the SAP authorization components and keeping up to date after each release.
- Automatically: the Profile Generator was introduced with release 3.1 to simplify and accelerate user administration, and to reduce the complexity of SAP authorizations maintenance.