• Home
    Blog Home This is where you can find all the blog posts throughout the site.
  • Tags
    Tags Displays a list of tags that have been used in the blog.

Authorization Fields – Interesting Stats for SAP Authorization Experts

  • Font size: Larger Smaller
  • Hits: 9703
  • 9 Comments
  • Print

Authorization Fields – Just a Quick Explanation

Screen_Shot_2014-04-24_at_10.24.54_AM.png

Authorization fields are the basic elements of an authorization object.

For example, in an authorization object for a company code, if you’d like to allow the user to use screens in company code 1000 in “Display” mode only, but company code 2000 in “Change” and “Display” modes, you will probably define the object with two instances:

  • Company 1000, Activity “Display” – in technical terms BUKRS = 1000, ACTVT = 03
  • Company 2000, Activities “Change” and “Display” – in technical terms BUKRS = 2000, ACTVT = 02, 03

And then you’d put these instances into an authorization role and grant the role to the user.

Now, for the Stats

We’re working on a large project with a huge amount of authorization data. In order to estimate how much disk space to allocate, we needed some statistics about authorization fields. When we dug into the data, we found some surprising answers that we thought would be fun to share…

What’s the Average Number of Authorization Fields in an Authorization Object?

Screen_Shot_2014-04-24_at_10.24.54_AM.png

It’s interesting to see that although SAP has 10 possible spots for authorization fields per each authorization object, most standard SAP authorization objects (44%) include only two authorization fields. While this is not a huge surprise, we’d expect that the majority of the rest of the SAP authorization objects would include three authorization fields, but it’s not – 25% of the authorization objects include a single field! See the stats for yourself, below:

Screen_Shot_2014-04-24_at_10.44.59_AM.png

What are the most popular authorization fields?

Well, the answer won’t shock you – the most popular field is ACTVT (i.e. “Activity”), which is the type of access to grant. However the top 5 list is not so trivial…

See the data of the top 5 authorization fields, below:

Screen_Shot_2014-04-24_at_10.43.51_AM.png

Although I would guess the No.1 position on my own, I was surprised to see TCD in fifth place. It means that there are many, many authorization objects that contain TCD… Another unexpected fact is that TCD is not being used only in the authorization object S_TCODE, but there are more authorization objects that include field TCD. Did you know this fact?

What’s the Most Controlled Application Area?

Each authorization object is related to an application area. For example, the famous object P_LOG (Personnel Planning) belongs to the HR module.

It’s interesting to see which application area has many objects (a high level of separation and control) and which application area has only a few.

So, without further ado, here’s the data:

Screen_Shot_2014-04-24_at_10.59.36_AM.png

It looks like BASIS is the most crowded application area, which for experienced people doesn’t make sense. However, if we add up all the financial sub-modules, we’d see that FI-CO is the big winner here. For me, that is to be expected.

We Want to Hear From You – Ask for a Stat.

Do you have statistics that you are interested in finding out about? We’re sitting on a goldmine of data and we can give you some more very interesting stats. Just ask us by leaving your question in the comments section below, and we’ll do our best to answer. 

Yoav Michaeli joined Xpandion in 2008 as a team leader, and in 2010 Mr. Michaeli began managing the entire Research & Development group of the company. Prior to joining Xpandion, Mr. Michaeli served in an elite technological unit of the Israeli Defense Forces as a team leader for various key military projects. Among other achievements, he was instrumental in pioneering the use of advanced .NET technologies for large scale distributed systems. Mr. Michaeli is an expert in programming, agile development, application security and specialized programming techniques.

Comments

  • Guest
    Avi Averbuch 24/04/2014

    Valuable article

  • Guest
    Andre Rangel 24/04/2014

    Great and interesting article. Valuable read.

    Thanks.
    AR

  • Guest
    Ajmer S. Mann 24/04/2014

    Interesting data Yoav. Notable - 85% of the authorizations have 1-3 authorization fields.
    The surprising part is, as author points out, there are more authorizations with a single field than with 3 fields.... but again, this data is from SAP Standard authorizations. For individual projects, authorizations with 3 fields may be greater than the authorizations with just 1 field.
    Valuable read!
    Thanks.

  • Guest
    Guest 25/04/2014

    awesome article, generally we know this, but never put a thought on it!

  • Guest
    Michel Braak 25/04/2014

    Indeed most are expected results. Wonder why TCD is used so much, why is it needed next to the field in S_TCODE?

  • Guest
    Sandro Donadon 25/04/2014

    Very interesting.

  • Guest
    punit bafna 04/06/2014

    Interesting to know!

  • Guest
    Peter Hofer 09/06/2014

    It would be interesting to understand where TCD is being used to control the activity. For example in PM a lot of objects have 2 fields with one being TCD, in these scenarios TCD is being used as a proxy for ACTVT.

  • Guest
    Prasad 30/10/2014

    Thanks Nice Article. Interesting...:)

Leave your comment

Guest 28/04/2017

Headquarters

+972-3-624-4245

157 Yigal Alon Street,

Tel Aviv 67443, Israel

info@xpandion.com

US Office

+1-800-707-5144

33 West 19th Street, New York,

NY 10011, USA

info.us@xpandion.com

India Office

+91-989-2546216

C 103, Akruti Orchid Park, Andheri-Kurla Road,

Andheri East, Mumbai, India

info@xpandion.com