Describing the Authorization Concept


After completing this lesson, you will be able to:

  • Describe the key elements of the authorization concept.
  • Describe business catalogs and apps.

Authorization Concept

Authorization Concept

The access to business applications is controlled by role-based authorization management. To this end, business roles are assigned to business users to grant access to the required applications and functionality needed for a user's job requirements. Once a business user is assigned a business role, they can get access to applications through business catalogs.

Elements of the Authorization Concept

The following graphic illustrates the elements of the authorization concept:

  • A business user is an employee, contractor, administrator or any other person who can log on to the SAP S/4HANA Cloud, public edition and who needs to complete the relevant business tasks. This person needs access to data to fulfill their tasks but only to the data required for these specific tasks.
  • A business role is a collection of access rights that can be assigned to business users.
  • A business catalog is a set of applications that usually belong together semantically.

Business Catalogs and Apps

An app is assigned to a business catalog. This means, a business catalog is a set of applications that usually belong together semantically.

SAP delivers predefined business catalogs that can be used as they are or extended by adding custom apps.

All available business catalogs and the apps that they contain can be displayed in the Business Catalogs app. In this app, you can also see whether business catalogs are deprecated. If custom applications need to be added to business catalogs, you can do this in the Custom Catalog Extension app.

A business catalog also contains access restrictions that apply to the value help, and read and write access of the apps. An overview of all restrictions and their use in business catalogs can be displayed in the Display Restrictions app.

Identifying the Elements in the Authorization Concept

The authorization concept can be broken down into the following elements:

  1. A business role is assigned to a business user to provide access to business tasks.
  2. One or more business catalogs are assigned to the business role. Administrators control visibility to data by applying general restrictions to individual catalogs within the business role.
  3. One or more applications, displays, or other data access are assigned to each business catalog. Administrators can control visibility to data within granted apps or other data access.

David: "I just had a short call with Sarah to ask her a few questions after reviewing the elements of the Authorization Concept. Here is her answer, and it is quite useful for my future job!"

  • A Business role (for example, sales manager) is assigned to a business user to grant permission to access applications in SAP S/4HANA Cloud, public edition.
  • A business role can include one or more business catalogs (for example, sales order processing).
  • Business catalogs provide access to one or more apps, dashboards, displays of data, or functionality.
  • Administrators can control visibility to the information/functionality granted through a business catalog by applying restrictions (for example, based on sales organization). 
  • Restrictions allow you to define what a business user can view (read) or edit (write) with the information/functionality granted per each business catalog within the assigned business role.


You are now familiar with the authorization concept and its key principles.

You are able to briefly respond if a new employee asks you basic questions.

Log in to track your progress & complete quizzes