A user's right to read and write specific data objects stored in a data processing system may be specified in his or her user profile. Manual maintenance of such user profiles is a tedious and error prone task. For example, if an organizational structure of a company changes, the respective user authorizations also need to be changed. This may require a manual update of a large number of user profiles that are afflicted by the organizational change.
Structural user authorization is a concept that aims to reduce this drawback. For example, SAP's authorization system as implemented in SAP R/3 (commercially available from SAP AG, Walldorf, Germany) has a structural authorization concept, as described in SAP Authorization System—Design and Implementation of Authorization concepts for SAP R/3 and SAP Enterprise Portals, IBM Business Consulting GmbH, SAP Press (see Chapter 2.3.5, page 52).