Authority check in ABAP
Authorization object is used to control the access to different transaction code.The Authorization Object is where Permitted Activity configurations are performed against specific fields.E.g. Change (being the activity) the material’s text MAKTX (being the specififield), or Read (being the activity) a certain Customer (using Customer Number KUNNR, as the specific field).
Before a User can be granted permission by the Authorization Object, the User’s Master Record isassigned a Role, which includes a Profile.The Profile contains what is simply called the Authorization and is where the specific data for theAuthorization Object field is assigned to the configured Permitted Activity. E.g. Allow changes to anyMaterial Text, or read Customers between the ranges.
Below is code example to demonstrate how to perform authority check in ABAP.
* start of change - add custom code to check the authorization object ZFI_PLANT DATA: lt_t001w TYPE TABLE OF t001w, ls_t001w TYPE t001w. SELECT * INTO TABLE lt_t001w FROM t001w WHERE werks IN sp$00002. LOOP AT lt_t001w INTO ls_t001w. AUTHORITY-CHECK OBJECT 'ZFI_PLANT' ID 'ACTVT' FIELD '03' ID 'WERKS' FIELD ls_t001w-werks. IF sy-subrc <;>; 0. MESSAGE e000(zrpt) WITH 'You do not have the authorization to' 'access plant' ls_t001w-werks. ENDIF. ENDLOOP. * end of change - add custom code to check the authorization object ZFI_PLANT
This is a great document about the authorization concept in SAP.You can download here.
Some useful transaction to view the authorization objects
S_BCE_68001413 – Authorization Objects by Complex Selection Criteria
S_BCE_68001410 – By Object Name, Text
S_BCE_68001411 – By Object Class
S_BCE_68001412 – By Field, Text
These transactions location under below path in SAP menu: Tools -> Administration -> User Maintenance -> Information System -> Authorization Objects.
Hi,
Thanks a lots for such a nice documents with example.
it is really very helpfull.
Best Regards
Ruhela Sandeep