7 Replies Latest reply: Jul 22, 2010 12:57 PM by Alex Ayers RSS

Authorization Objects in Transaction codes

Sameh Ahmed Essa
Currently Being Moderated

Dear Experts

we are trying to make Authorization Matrix for users authorizations , so what i need to know if is there any way i can get template list includes Tcodes and the Authorization objects corresponding to each Tcode , it will be a lot easier to make the roles .

please if anyone can advice how i can get the tcode list with its objects it will be great.


Sameh Essa

  • Re: Authorization Objects in Transaction codes
    Siddhartha Varma
    Currently Being Moderated

    Hi Sameh,


    Goto transaction SU24. Select "Type of Application" as "Transaction", below give transaction code & execute it

    You will see Authorization Objects listed. All that have been proposed as YES in the proposal column will be checked for that particular transaction code

    You need to maintain the authorization for these particular Authorization Objects

    Alternatively, you can see them in the table USOBT_C


    Edited by: Siddhartha Varma on Jul 21, 2010 5:32 PM

  • Re: Authorization Objects in Transaction codes
    sri s
    Currently Being Moderated

    Hi Sameh,


    please check tables AGR_1250 and AGR_1251.





  • Re: Authorization Objects in Transaction codes
    Franklin Jayasim
    Currently Being Moderated

    Like others said AGR* tables will help

    if you need to also have parent child relationship use AGR_define, apart from using AGR_1251


    you also have AGR_1252 which will give you role to Organization level details

  • Re: Authorization Objects in Transaction codes
    Baig Mirza
    Currently Being Moderated

    Authorization Matrix - Not any table / programme will work for you in this case, you better maintain below checklist :


    1) Gather company data : Organization Structure HR will help you in this. (you need to get all details on Organization values such as Company Code, Plant, Purchasing / Sales Organization etc.,

    2) Prepare a sheet for every module (PP,MM,SD,FI,CO,HR etc.,)

    3) Study the Organization structure & Identify the Job responsibility of the person in current organization & what function he / she will do in SAP.

    4) A sheet contains T-codes & description (you can get list of tcodes from respective functional consultant), Role Name, Activity - create/change/display et.,

    5) Don't add all t-codes Ex- PP : Add only those tcodes access by you users : End or Core users. Sometime it doesn;t make sense to give create / change / delete t-codes to a user who's only responsible for doing data entry job or a user who is responsible only for creating materials not approving / sending.

    6) Make a sheet that maps you users to role

    7) Always review / approve your Matirx from respective Functional Head, as a BASIS we can't take decision on Functional side.

    8) Always test you roles in DEV / QAS (training client) assigned to a test user by your functional cunsultant.

    9) Always remember of cross functionality authorizations (like some time they may

    10) Always make sure that none of the user gets any BASIS activity authorization.


    I gather above points from my experience where I was involved in designing Matrix, It can be defferent depends upon the organization.