SAP AUTHORIZATION CONCEPT & SECURITY IMPLICATION

The authorization concept helps in establishing maximum security, sufficient

privileges (accesses) for end users to fulfill their job duties, easy user maintenance.

Authorizations are used to control access at the application level. Authentication

controls who have access into the system, in order to do this a user must possess a

valid user master record and a valid password.

When developing a security concept, we tend to seek out; what is to be protected

(ASSETS), Against what (THREATS) and how do we achieve maximum

protection (MEASURES).

A proper authorization concept helps to regulate who can view what or access a
resource in an SAP system.

The following are implications of a poor authorization concept/

1. It could lead to fraudulent being carried out in the system due to excessive
authorizations
2. Sensitive business data could fall into the hands of the wrong people
3. There is a possibility to experience downtime in the cause of business
operations
4.