Extensive SAP Authorization Object Guide

Ensuring the security of a business’s network is of utmost importance when creating information. No matter what stage of product production you have completed, creating SAP authorization objects helps you ensure that only the right users can attain the information shared on that specific task. One of the most frequently asked questions regarding all programs circles around creating authorization objects can add to the abilities already established the existing authorization objects. Skimming over different guides or attempting to find forums regarding this subject can prove quite the time consuming task itself. Here is a condensed, convenient guide on how to create SAP authorization objects when using an ABAP program.

Extensive SAP Authroization Object Guide

Part One: Authorization Field

The first step in making an SAP authorization object is to make an authorization field. To do this, access the code of SU20, and click on the ‘Create’ button in the top left corner of the screen. You will then type a field name and data element into the given space. The field code needed for this task is ZTRNCODE, while the data element is TCODE. Then, press the ‘Enter’ key, and click on ‘Save.’

Driving Business Value Through UC - Sap-ebook-banner

Part Two: Authorization Class

The second step in creating an SAP authorization object is to create an authorization class. You can do this by using the code SU21. Then, click on the ‘Create’ icon, which will allow you to formulate the ‘Object Class.’Use the code ZTC as the object class, and provide the breif description needed for the class itself before clicking ‘Save.’

Part Three: Authorization Object

Now, you are finally about to embark on creating the SAP authorization object for the APAB program. Navigate to the transaction labeled SU21, then click on the authorization class that you created the previous step. Next, click on the ‘Create’ icon, and then click the ‘Authorization object’ as it appears below the icon. For the’Object,’ enter the code ZTRNCODE. You may remember this code from the first step of the creation process. Remember to keep the original authorization fields previously created as well. Press the ‘Enter’ key. Then, click on the ‘Permitted Activities’ icon that appears near the bottom of the screen. The computer may ask if you authorize a pop-up. If so, click ‘OK’ or any other provided response that allows the computer to do so.

You will then be provided with a list of potential actions to take under the title ‘Activities’ Select ‘Create or Generate’ from this given list, as well as ‘Change’ Then, you may save this work and exit.

Part Four: Roles

Now, you need to create roles in order to complete the process of making SAP authorization objects. Don’t worry! You’re almost finished with the process. Use the code of transaction ‘PFCG,’ type it in, and hit the ‘Enter’ key. Your program will then provide you with a space to enter the needed role. Type in ‘ZCUSTOM_ROLE_CREATE,’ then click ‘Single Role.’ Draft your desired description into space provided, then navigate to the Authorization Tab. Click on the icon for ‘Proposed Profile Names.’ Next, click ‘Change Authorization Data,’ and you will be presented with a pop-up. Select the option of ‘Do Not Select Templates’ with this pop-up. Instead, click the ‘Manually’ icon indicated near the top of the screen. Type in the authorization code of ‘S_TCODE’ in the first slot and ‘ZTRNCODE’ in the second slot. Then, use the custom program transaction code ‘ZTEST_AUTH’ and select Activity 01. Finally, click the ‘Save’ and ‘Generate’ icons to finalize this part.

Part Five: Custom Module Pool Program

One last part, and then you will have successfully created an SAP authorization object to ensure both the security and accessibility of the given project. Generate three different, normal type screens under codes 0500, 1000, and 2000. For screen 500, you will need to create a push button. Type in this code in the PAI section of screen 500:

“CASE ok_code







If sy-subrc EQ 0






Then, navigate to screen 1000, generate a text with the description of “You are authorized to create.” Perform the same task with screen 2000, only use the text ‘You are authorized for display’ instead. Generate a transaction code under ‘ZTEST_AUTH.’

Transaction Codes to Remember

  • Generating an Authorization Field: SU20
  • Generating an Authorization Class: SU21
  • Generating an Authorization Object: SU21
  • Generating a Role: PFCG
  • Generating a Custom Program: SE38


You have generated an authorization object for the APAB program. This will allow you to select who among your colleagues is allowed to perform actual work on a project, or simply view it. Thus, you have provided your task with a nature of security while still allowing integral members involved in the process to perform as needed without hindrance or risks. Those that you wish to only view the work will only access a display version, while anyone who actively participates will have the authority to do so.

Ensure you run output tests after engaging in the creation process, so that you can have full confidence that the new authorization objects work properly, and function as you wish. You may also ensure that they function properly for other users as well in this manner. Remember the test authentications you created in parts four and five? You will use this to check up on your work to see if it is user friendly to those you authorize to use it. To do this, login under the username of ZTEST1, before running transaction code “ZTEST_AUTH.” Then, click the yellow icon that reads “Create.” The computer will navigate to a screen that displays the authorized action that the specified use is allowed to take. Repeat this action under the username ZTEST2.

You may make changes as needed afterward as you see fit. Be sure to reference this post the next time someone needs some easy access to steps on performing SAP authorization object creation on an APAB program. It is really as simple as that. As you perform these steps, look at the screen and read the icons and messages carefully to make certain that you are performing the right tasks with the program. Discover our other helpful resources, content, and guides, or ask us a question regarding the creation of SAP authorization objects for another program.



Marissa Hart is the Lead Author & Editor ShareMe. ShareMe is a blog focused on SharePoint Online. SharePoint Online delivers the powerful features of SharePoint without the associated overhead of managing the infrastructure.