Authorization Checks

When a transaction is started, a system program executes various checks to ensure the user has the correct authorizations.

  1. Is the transaction code valid? (check of table TSTC)
  2. Is the transaction locked by the system administrator? (check of table TSTC)
  3. Is the user authorized to start the transaction?

The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization containing a value for the selected transaction code.

  4. Is an authorization object assigned to the transaction code? If yes, the system checks to see if the user has an authorization for this authorization object.

If one of the above checks fails, the transaction is not started, and the system displays a corresponding message.

If the transaction is started, an ABAP program is usually called by the transaction to make other authorization checks using the statement AUTHORITY-CHECK.

Authorization checks are triggered by the ABAP statement AUTHORITY-CHECK. The programmer specifies an authorization object and the required values for each authorization field.

AUTHORITY-CHECK checks whether a user has appropriate authorization. To do this, it searches in the specified authorization profile in the user master record to see whether the user has authorization for the authorization object specified in the command.

If the authorization is found and it contains the correct values, the check is successful.
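The following report shows a programmed check of the kind described above. It is an added example, not code from the original page or from SAP. It assumes the SAP flight demo model is installed (table SCARR and authorization object S_CARRID with the fields CARRID and ACTVT); the report name is hypothetical.

```abap
REPORT z_demo_authority_check.  " hypothetical report name

" Assumption: the SAP flight demo model (table SCARR, authorization
" object S_CARRID with fields CARRID and ACTVT) exists in the system.
PARAMETERS p_carr TYPE scarr-carrid OBLIGATORY.

DATA gv_name TYPE scarr-carrname.

START-OF-SELECTION.
  " Name the authorization object and a required value for each of
  " its fields. Activity '03' means display.
  AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' FIELD p_carr
    ID 'ACTVT'  FIELD '03'.

  " AUTHORITY-CHECK only sets sy-subrc (0 = authorized). It does not
  " stop the program, so the result must be evaluated before any
  " protected data is read.
  IF sy-subrc <> 0.
    MESSAGE 'No display authorization for this airline'
      TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  " Reached only after a successful check.
  SELECT SINGLE carrname FROM scarr INTO gv_name
    WHERE carrid = p_carr.
  IF sy-subrc = 0.
    WRITE: / p_carr, gv_name.
  ELSE.
    WRITE: / 'Airline not found:', p_carr.
  ENDIF.
```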

When SAP transactions are executed, a large number of authorization objects are often checked, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorizations than they strictly need. It also leads to an increased maintenance workload. You can deliberately disable such authorization checks by setting the Check Status in transaction SU24.

For information about transporting globally deactivated authorization checks, see Globally Deactivating Authorization Checks.