Skip to Content
author's profile photo Former Member
Former Member

What is authorization object and how to create it for a table

Hi All,

What is authorization object and how to create it for a table?


Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Posted on Jul 23, 2008 at 12:28 PM
    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jul 23, 2008 at 12:31 PM



    For authorization checks, there are many ways of linking authorization objects with user actions in an SAP system. The following discusses three possibilities in the context of ABAP programming.

    Authorization Check for Transactions

    You can directly link authorization objects with transaction codes. You can enter values for the fields of an authorization object in the transaction maintenance. Before the transaction is executed, the system compares these values with the values in the user master record and only starts the transaction if the appropriate authorization exists.

    Authorization Check for ABAP Programs

    For ABAP programs, the two objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance) exist. They contains a field P_GROUP that is connected with the program attribute authorization group. Thus, you can assign users program-specific authorizations for individual ABAP programs.

    Authorization Check in ABAP Programs

    A more sophisticated, user-programmed authorization check is possible using the Authority-Check statement. It allows you to check the entries in the user master record for specific authorization objects against any other values. Therefore, if a transaction or program is not sufficiently protected or not every user that is authorized to use the program can also execute all the actions, this statement must be used.


    ID name1 FIELD f1

    ID name2 FIELD f2


    ID namen FIELD fn.

    object is the name of an authorization object. With name1, name2 ... , and so on, you must list all fields of the authorization object object. With f1, f2 ... , and so on, you must specify the values that the system is to check against the entries in the relevant authorization of the user master record. The AUTHORITY-CHECK statement searches for the specified object in the user profile and checks the useru2019s authorizations for all values of f1, f2 ... . You can avoid checking a field name1, name2 ... by replacing FIELD f1 FIELD f2 with DUMMY.

    After the FIELD addition, you can only specify an elementary field, not a selection table. However, there are function modules available that execute the AUTHORITY-CHECK statement for all values of selection tables. The AUTHORITY-CHECK statement is supported by a statement pattern.

    Only if the user has all authorizations, is the return value sy-subrc of the AUTHORITY-CHECK statement set to 0. The most important return values are:

    · 0: The user has an authorization for all specified values.

    · 4: The user does not have the authorization.

    · 8: The number of specified fields is incorrect.

    · 12: The specified authorization object does not exist.

    A list of all possible return values is available in the ABAP keyword documentation. The content of sy-subrc has to be closely examined to ascertain the result of the authorization check and react accordingly.

    REPORT demo_authorithy_check.

    PARAMETERS pa_carr LIKE sflight-carrid.

    DATA wa_flights LIKE demo_focc.



    ID 'CARRID' FIELD pa_carr

    ID 'ACTVT' FIELD '03'.

    IF sy-subrc = 4.

    MESSAGE e045(sabapdocu) WITH pa_carr.

    ELSEIF sy-subrc <> 0.

    MESSAGE e184(sabapdocu) WITH text-010.



    SELECT carrid connid fldate seatsmax seatsocc

    FROM sflight


    WHERE carrid = pa_carr.

    WRITE: / wa_flights-carrid,








    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jul 23, 2008 at 12:38 PM
    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.