In SAP’s role-based security architecture, Users and Authorization objects are used to create profiles, such as “buyer” or “payer”, and these are used to define functional roles.
As a counter measure for potential fraud, the GRC Access Control Segregation of Duties can dictate that a user should not have, for example, both a buyer profile and a payer profile simultaneously. In simple cases like this, SAP’s authorization concept works great! It’s able to distinguish which user can perform a specific function by limiting their access to certain transactions, programs and services. It even provides an easy way to administrate HR functions like role changes and employee turnover. more “Is Role-Based Access Control Sufficient?”