Authorization Enforcement

Authorization enforcement consists of three major activities:

  1. Definition of the authorization-relevant attributes (for example, authorization object fields): The application developer defines the fields that are relevant for an authority check (for example, the type of a business document).
  2. Configuration of the end-user authorizations (for example, by roles): An administrator configures the user-specific values for the authorization-relevant fields (for example, which product types can be edited by a certain end user).
  3. Authorization check (for example, an ABAP authority check): The runtime that works with the data has to match the user's authorizations against the requested access to business data in order to restrict the data to the allowed subset.
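
The three activities above as a simplified Python model, added here as an illustration; it is not SAP code or the ABAP runtime's implementation. The object name Z_BUSDOC, the field DOC_TYPE, the role names and the users are hypothetical, and rejecting a check that omits a field is a choice made by this model.

```python
from dataclasses import dataclass

# 1. Definition (developer): the fields relevant for the authority check.
#    Z_BUSDOC and DOC_TYPE are hypothetical names; ACTVT 02 = change, 03 = display.
AUTH_OBJECT = "Z_BUSDOC"
AUTH_FIELDS = ("DOC_TYPE", "ACTVT")

@dataclass
class Authorization:
    obj: str
    values: dict  # field -> tuple of allowed values; "*" allows any value

def _auth(doc_types, activities):
    return Authorization(AUTH_OBJECT, {"DOC_TYPE": doc_types, "ACTVT": activities})

# 2. Configuration (administrator): roles hold authorizations, users hold roles.
ROLES = {
    "INVOICE_CLERK": [_auth(("INV",), ("02", "03"))],
    "AUDITOR": [_auth(("*",), ("03",))],
    # Two separate authorizations: display invoices, change purchase orders.
    "MIXED": [_auth(("INV",), ("03",)), _auth(("PO",), ("02",))],
}
USER_ROLES = {"alice": ["INVOICE_CLERK"], "bob": ["AUDITOR"], "dave": ["MIXED"]}

def _allowed(value, patterns):
    return any(p == "*" or p == value for p in patterns)

def authority_check(user, obj, **requested):
    """3. Check (runtime): pass only if ONE authorization covers every field."""
    if set(requested) != set(AUTH_FIELDS):
        return False  # this model fails closed when a field is not supplied
    for role in USER_ROLES.get(user, ()):  # unknown user: no roles, no access
        for auth in ROLES.get(role, ()):
            if auth.obj == obj and all(
                _allowed(requested[f], auth.values.get(f, ())) for f in AUTH_FIELDS
            ):
                return True
    return False

def visible_documents(user, activity, documents):
    """Restrict a result set to the subset the user may access."""
    return [d["id"] for d in documents
            if authority_check(user, AUTH_OBJECT, DOC_TYPE=d["type"], ACTVT=activity)]

# Constructed sample data, not taken from any real system.
DOCS = [{"id": 1, "type": "INV"}, {"id": 2, "type": "PO"}, {"id": 3, "type": "INV"}]

if __name__ == "__main__":
    for user in ("alice", "bob", "dave", "carol"):
        print(user, {a: visible_documents(user, a, DOCS) for a in ("02", "03")})
```

The MIXED role shows why field values are matched within a single authorization: dave may display invoices and change purchase orders, but the two authorizations do not combine into permission to change invoices.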