Show TOC

 Authorization Checks in Your Own DevelopmentsLocate this document in the navigation structure

Each time a transaction is started, the system automatically checks for authorization object S_TCODE. This check is also executed for any transactions that you created yourself.

If you use the Profile Generator to generate your authorization profiles automatically, the authorizations for the authorization object S_TCODE are contained in the profiles.

You can also add your own authorization checks to protect critical points in your ABAP programs.

Caution

If you call a transaction indirectly, that is from another transaction, the authorization check is not automatically performed. You must use transaction SE97 to set the check indicator check for the entry for the pair of calling and called transaction to ensure that the called transactions are also subject to an authorization check (see SAP Note 358122).

Adding Authorization Checks to Programs

In order to maintain authorization objects and fields, you need access to the authorization object Authorizations (S_USER_AUT).

To add authorization checks to programs, you need to do the following:

  1. Create an Authorization Field
  2. Create an Authorization Object
  3. Program Authorization Checks

    Use the ABAP AUTHORITY-CHECK statement. Specify alphabetic values in uppercase letters: ABC. Test values from user master records are converted to uppercase before being passed to AUTHORITY-CHECK.

    For more information, see the ABAP keyword documentation.