Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

authorization check

Go to solution
Former Member

‎06-12-2008 5:11 PM

0 Kudos

Hi,

i do Enhancement for BW and my customer tell me that he

wont to check if user have authorization to watch the data.

1. i can do that in Enhancement ?

2. what i have to check ,

i see the code :

AUTHORITY-CHECK OBJECT object

ID name1 FIELD f1

ID name2 FIELD f2

...

ID name10 FIELD f10.

what i have to put in object and what in name1 & and name2....

Regards

1 ACCEPTED SOLUTION

Go to solution
former_member705122
Active Contributor

‎06-12-2008 5:24 PM

0 Kudos

Hi Cosmos,

To check the authorization of the user of an ABAP program, use the AUTHORITY-CHECK statement:

AUTHORITY-CHECK OBJECT '<object>'

ID '<name1>' FIELD <f1>

ID '<name2>' FIELD <f2>

.............

ID '<name10>' FIELD <f10>.

<object> is the name of the object that you want to check. You must list the names (<name1>, <name2> ...) of all authorization fields that occur in <object>. You can enter the values <f 1 >, <f 2 >.... for which the authorization is to be checked either as variables or as literals. The AUTHORITY-CHECK statement checks the useru2019s profile for the listed object, to see whether the user has authorization for all values of <f>. Then, and only then, is SY-SUBRC set to 0. You can avoid checking a field by replacing FIELD <f> with DUMMY. You can only evaluate the result of the authorization check by checking the contents of SY-SUBRC. For a list of the possible return values and further information, see the keyword documentation for the AUTHORITY-CHECK statement. For further general information about the SAP authorization concept, refer to Users and Authorizations.

SELECT * FROM SPFLI.

AUTHORITY-CHECK OBJECT 'F_SPFLI'

ID 'ACTVT' FIELD '02'

ID 'NAME' FIELD SPFLI-CARRID

ID 'CITY' DUMMY.

IF SY-SUBRC NE 0. EXIT. ENDIF.

ENDSELECT.

If the user has the following authorizations for F_SPFLI:

ACTVT 01-03, NAME AA-LH, CITY none,

and the value of SPFLI-CARRID is not between "AA" and "LH", the authorization check terminates the SELECT loop.

I think you have already gone through this below links:

http://help.sap.com/saphelp_nw04/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

http://abapprogramming.blogspot.com/2008/03/abap-synteax-for-authority-check.html

http://sap.ionelburlacu.ro/sap0/abap018.htm

Regards

Adil

6 REPLIES 6

Go to solution
Former Member

‎06-12-2008 5:17 PM

0 Kudos

object is the name of the authorization object.

name1, name2, ... are the fields of the authorization object.

f1, f2, ... are possible values for authorization.

The DUMMY parameter indicates that there is no need to verify that field.

If SY-SUBRC = 0 authorized user

If SY-SUBRC <> 0 unauthorized users

Go to solution
Former Member
In response to Former Member

‎06-12-2008 6:47 PM

0 Kudos

Hi Alvaro Giancarl,

thanks,

u think i can do it in user-exit, i have to do it for bw system?

Regards

Go to solution
Former Member

‎06-12-2008 5:21 PM

0 Kudos

Is there a transaction code associated with the process that you want to do the authority check on?

Go to solution
former_member705122
Active Contributor

‎06-12-2008 5:24 PM

0 Kudos

Hi Cosmos,

To check the authorization of the user of an ABAP program, use the AUTHORITY-CHECK statement:

AUTHORITY-CHECK OBJECT '<object>'

ID '<name1>' FIELD <f1>

ID '<name2>' FIELD <f2>

.............

ID '<name10>' FIELD <f10>.

<object> is the name of the object that you want to check. You must list the names (<name1>, <name2> ...) of all authorization fields that occur in <object>. You can enter the values <f 1 >, <f 2 >.... for which the authorization is to be checked either as variables or as literals. The AUTHORITY-CHECK statement checks the useru2019s profile for the listed object, to see whether the user has authorization for all values of <f>. Then, and only then, is SY-SUBRC set to 0. You can avoid checking a field by replacing FIELD <f> with DUMMY. You can only evaluate the result of the authorization check by checking the contents of SY-SUBRC. For a list of the possible return values and further information, see the keyword documentation for the AUTHORITY-CHECK statement. For further general information about the SAP authorization concept, refer to Users and Authorizations.

SELECT * FROM SPFLI.

AUTHORITY-CHECK OBJECT 'F_SPFLI'

ID 'ACTVT' FIELD '02'

ID 'NAME' FIELD SPFLI-CARRID

ID 'CITY' DUMMY.

IF SY-SUBRC NE 0. EXIT. ENDIF.

ENDSELECT.

If the user has the following authorizations for F_SPFLI:

ACTVT 01-03, NAME AA-LH, CITY none,

and the value of SPFLI-CARRID is not between "AA" and "LH", the authorization check terminates the SELECT loop.

I think you have already gone through this below links:

http://help.sap.com/saphelp_nw04/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

http://abapprogramming.blogspot.com/2008/03/abap-synteax-for-authority-check.html

http://sap.ionelburlacu.ro/sap0/abap018.htm

Regards

Adil

Go to solution
Former Member
In response to former_member705122

‎06-12-2008 6:58 PM

0 Kudos

Hi Syed Abdul Adil ,

thanks ,

i understand that i have to put object name in :

AUTHORITY-CHECK OBJECT '<object>'

but what i have to put in:

ID '<name1>' FIELD <f1>

ID '<name2>' FIELD <f2> ?

where i can find it?

Best Regards

Go to solution
Former Member
In response to former_member705122

‎06-12-2008 7:03 PM

0 Kudos

Table TSTCA holds the information for transactions.