09-10-2007 10:26 AM
Hello Abapers,
Would you please help me out in answering this question
What is Authority-Check?
Regards,
Rizwana
09-10-2007 10:31 AM
09-10-2007 10:27 AM
Authorization Checks
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
· Starting SAP transactions (authorization object S_TCODE)
· Starting reports (authorization object S_PROGRAM)
· Calling RFC function modules (authorization object S_RFC)
· Table maintenance with generic tools (S_TABU_DIS)
Regards,
Pavan
09-10-2007 10:29 AM
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
http://www.sts.tu-harburg.de/teaching/sap_r3/ABAP4/authorit.htm
Check these links for further info...........
Regards,
Pavan
09-10-2007 10:31 AM
09-10-2007 10:31 AM
Hello,
AUTHORITY-CHECK
Basic form
<b>AUTHORITY-CHECK OBJECT object ID name1 FIELD f1
ID name2 FIELD f2
...
ID name10 FIELD f10.</b>
Effect
Explanation of IDs:
<b>object
Field which contains the name of the object for which the authorization is to be checked.
name1 ...
Fields which contain the names of the
name10
authorization fields defined in the object.
f1 ...
Fields which contain the values for which the
f10
authorization is to be checked.</b>
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
The return code value changes according to the different error scenarios
Reward if helpful,
Regards,
LIJO
09-10-2007 12:52 PM
Hi,
To check the authorization of the user of an ABAP program, use the AUTHORITY-CHECK statement:
AUTHORITY-CHECK OBJECT '<object>'
ID '<name1>' FIELD <f1>
ID '<name2>' FIELD <f2>
.............
ID '<name10>' FIELD <f10>.
<object> is the name of the object that you want to check. You must list the names (<name1>,
<name2> ...) of all authorization fields that occur in <object>. You can enter the values <f1>,
<f2>.... for which the authorization is to be checked either as variables or as literals. The AUTHORITY-CHECK statement checks the users profile for the listed object, to see whether the user has authorization for all values of <f>. Then, and only then, is SY-SUBRC set to 0. You can avoid checking a field by replacing FIELD <f> with DUMMY. You can only evaluate the result of the authorization check by checking the contents of SY-SUBRC. For a list of the possible return values and further information, see the keyword documentation for the AUTHORITY-CHECK statement. For further general information about the SAP authorization concept, refer to Users and Authorizations.
There is an authorization object called F_SPFLI. It contains the fields ACTVT,
NAME, and CITY.
SELECT * FROM SPFLI.
AUTHORITY-CHECK OBJECT 'F_SPFLI'
ID 'ACTVT' FIELD '02'
ID 'NAME' FIELD SPFLI-CARRID
ID 'CITY' DUMMY.
IF SY-SUBRC NE 0. EXIT. ENDIF.
ENDSELECT.
If the user has the following authorizations for F_SPFLI:
ACTVT 01-03, NAME AA-LH, CITY none, and the value of SPFLI-CARRID is not between AA and LH, the authorization check terminates the SELECT loop.
Regards,
Bhaskar