This post deals with SAP Authorization concepts. Authorization decides what tasks a user can perform. It is here that the system checks as to what the user is “authorized” to do.
SAP Authorization concepts of R/3 Security is based on roles and authorization profiles which give access to users to perform their tasks. It means that users can perform those tasks whose authorizations have been given to them via the roles assigned to them. User Master Record of a user defines the authorizations assigned to a user.
User Master Record of a user defines the authorizations assigned to a user.
User Master Record contains the information related to user e.g. user id, authorization profile etc. User details can be accessed/created/managed using the transaction SU01. It is the responsibility of User Administrator/SAP System Administrator to maintain user master records of users.
Transaction SU01D is Display only transaction for user details.
Transaction code PFCG (Profile Generator) is used to create roles. Roles can either be assigned to users via User Tab in PFCG or Roles tab in SU01 tcode.