To do this, the programmer must create activity fields ( ACTVT and CUSTTYPE ) and assign a value to be checked ( 02 and B ) for each field, by choosing Tools ® ABAP Workbench ® Development ® Other Tools ® Authorization Objects ® Fields. For more information, see Creating Authorization Fields.

In addition, the programmer must create an authorization object ( S_TRVL_BKS ) by choosing ® Tools ® ABAP Workbench ® Development® Other tools® Authorization objects ® Objects (For more information, see Creating an Authorization Object and Assigning an Authorization Object to an Object Class).

You program the authorization check using the ABAP statement AUTHORITY-CHECK .

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

When this happens, the system checks the authorization profiles in the user’s master record for the appropriate authorization object ( S_TRVL_BKS ). If the authorization is found and it contains the correct values, the check is successful.

The system administrator has defined the following authorizations for the authorization object S_TRVL_BKS :

• S_TRVL_CUS1 with the following values:

• S_TRVL_CUS2 with the following values:

User Miller has been assigned a profile containing both of these authorizations ( S_TRVL_CUS1 and S_TRVL_CUS2 ). Miller can therefore change bookings for business customers.

User Meyers on the other hand, is only authorized to display the records ( S_TRVL_CUS2 ) and therefore cannot change bookings.