Access to mobile business objects (MBOs) and operations that are mapped to logical roles is authorized by delegating authorization checks to mapped security provider for the package. The given user’s principal is checked for its membership in the corresponding physical role that is mapped to the logical role assigned to the MBO or operation.