Authorization Concept
Consider yourself in a large structure where you require authorization to enter certain areas or carry out particular tasks. That permission is the key to authorization. It’s comparable to having the appropriate keys to enter doors or having access to particular functionalities in a computer system. Permission or privileges are the key components of authorization. Like having the ability to perform certain actions within a system or piece of software.
Authentication
Now, you must establish your identity before you can receive those keys or access privileges. It’s known as authentication. It functions similarly to inputting your username and password or producing your ID to verify your identity. On the other hand, authentication functions as a user identification verification. It’s the stage where you verify your identity, frequently by typing in a login ID and password.
Authorization Fields and Authorization Objects
To accomplish this, “Authorization Fields” and “Authorization Objects” are always used in sophisticated systems like SAP. Authorization Objects can be thought of as collections of Authorization Fields.
Explanation: Two key components are used to ensure security and organisation: “Authorization Fields” and “Authorization Objects.” Now consider these “Authorization Fields” to be groups of “Authorization Objects.” It’s similar to grouping together pertinent permission-related facts. Therefore, you use these groups (Authorization Objects) that contain precise information (Authorization Fields) about what an individual is permitted to do if you need to control access to different portions of the system. It’s similar to organising items into folders; in this instance, the main focus is on maintaining a secure and well-managed system.
Object Class
The Object Class of each Authorization Object identifies the category or domain to which it belongs. This aids in categorising and understanding the many types of permissions.
Explanation: Think of this as sorting items into several boxes. The many permission kinds are organised and made sense of by each box, which functions as a category or domain. When it comes to permission, each permission Object’s Object Class serves as a label, indicating to us which category or domain it belongs to. It is a method for properly categorising and comprehending the many kinds of permissions. It’s like grouping related items together to make them easier to handle and understand.
SAP Control
These Authorization Objects regulate what you can and cannot do in a system like SAP, which is a robust piece of software. They determine which areas you can access and what you can do there.
These Authorization Objects in this situation are in charge of your actions. They decide what you are allowed and not allowed to do within the system.
Examples with Transaction SU01
Let’s put it into practise by using an example: picture a device called SU01.
You require authorization in order to create a user, and the authorization object for this is named S_USER_GRP.
It takes a distinct permission, known as S_USER_AGR, to give roles to users.
Additionally, the S_USER_PRO Authorization Object is required if you want to assign profiles to users.
Creating Roles
Here’s where things start to get interesting. Based on these Authorization Objects, you can build roles. Similar to predetermined sets of permissions, roles.
Role 1: A person with Role 1 has access to transaction SU01, S_USER_GRP user group assignment, and S_USER_AGR role assignment. However, they are unable to assign other users’ profiles.
Role 2: Using Role 2, users can assign roles (S_USER_AGR) and profiles (S_USER_PRO) as well as use SU01. They are unable to add new users, though.
Role 3: Those who possess this role are able to use SU01 but lack any specific Authorizations. They are so powerless to take any action inside SU01 and SU01 only for Display.
Therefore, to put it simply, authorization refers to limiting who can perform what in a system like SAP. It’s like giving various people separate keys, allowing them to only enter certain areas and carry out certain tasks while barring them from performing others.
Hey people!!!!!
Good mood and good luck to everyone!!!!!