Authorisation Check Steps Work Flow—->
- User Logon to the system using ID & Passowrd successfully.
- User Executes a Transaction.
- System checks whether transaction code is locked in SM01
- If transactions are not locked then it checks for authoirsation object S_Tcode
- It is allowed then it checks for minimal authorisation in table TSTCA
- If it is allowed then it checks for authorisation objects in SU24
- The authorisations are checked in the programs using command Authority-Check command
- SAP maintains the allowable transactions and allowable authorization objects in SU56 and missing authorizations in SU53
- Each time a tcode is executed it checks in SU56 [UserContext] it is available then allows, if not writes into SU53
The above steps are important to understand the work flow of Authorization Check whenever an User log-on and run a Transaction Code.
- The minimal authorisation that are required to execute a transaction are maintained in table “TSTCA”
- The maximum authorisations that are required to execute a transaction are maintained in table “USOBT”
- The objects that are required to execute a transaction are checked using check indicator in table “USOBX”
These two are standard tables and any customer changes are over written, so these tables are copied to customer tables USOBT_C and USOBX_C using the option in SU25