01-03-2005 9:24 PM
All,
What is the industry standard for checking Auth Object in a custom ABAP program? We put together a common function module to be called with various Org units (like CoCode, SalesOrg, Plant, PurGrp etc.,.) from the custom ABAP report. After we upgraded to 4.7, we are planning to move this function to a class. At this time, I would like to improve the process to adhere to the benchmark in the industry.
Any ideas?
I appreciate in advance.
Thanks,
Bala
01-03-2005 9:42 PM
Hi Bala,
There are several approaches you can take here but I am not sure if there is one standard way to do it. Every company has its own internal authority check processes and you will need to use them.
Some things to consider though are
Do you want to use standard SAP authority objects or your own custom objects?
Is it possible to categorize your custom developments into groups so that you can have fewer objects to create? Categories can be module based, type of program like interface(inbound or outbound), reports, dialog etc.
Does your custom programs run through custom transaction codes? If so, checking for that tcode could be one way. But if the program does several things like in interactive reports or dialog programs, you may want to further restrict users by action which could be create/delete/update/display/execute etc.
So, depending on the number of custom programs you have, the type of programs you have and the activities users can perform using those programs, you will need to come up with your own authorization check strategy.
Hope this helps.
Srinivas