SAP Tips: How to check authorization objects for a transaction
Security requirements can be complex. You may want to restrict access to change certain parts of certain transactions in SAP. To do this requires authorization objects to be in place – but how do you know if there is not already a standard authorization object in place for the area you are interested in?
One transaction which might help here is SU24. It will give you all the available authorization objects for a specific transaction.
I am running the authorization check for transaction VA01 here and there are hundreds of authorization objects. Unfortunately, there is no search available here, but if I wanted to check whether there is an authorization object around whether a user can amend sales organizations, I can search for this by looking for authorization objects beginning “V” as all sales data begins that way.
As can be seen, there are a couple of authorization objects which may be useful, but both are switched to “Do not check” at present.
From here, I can contact my security analyst to discuss my requirements and see if these are the appropriate objects to use. The security analyst will want to be careful when changing the check indicator as this will potentially have other repercussions.
I hope you find this useful! Stay tuned for another SAP Tip from Eursap soon!
Be sure to also check out Eursap’s SAP Blog for more in depth articles.