
Performing Authorization Checks Based on Scenarios

Scenario-based authorization checks enable you, as a developer, to enhance delivered software with alternative authorization checks for authorization objects in different use cases.

Prerequisites

You have a user with the required authorizations.

Context

Adding scenarios enables you to enhance your application without completely disrupting your current processes, giving you time to plan for a redesign.

Some reasons why you must build such a scenario in your application include the following:

  • When you created your application, you did not cover all possible cases.

  • New legal requirements force you to update your application.

  • New technical advances provide the means to bypass your existing security concept.

Recommendation

We continue to recommend the direct usage of AUTHORITY-CHECK.

Procedure

  1. In your application, perform your authorization checks with the method AUTH_CHECK_SPEC of the class CL_SACF. In the method call, define the scenario names and the authorization objects and values to check for each scenario.

    For an example of an implementation of CL_SACF=>AUTH_CHECK_SPEC, see report SACF_TEST_CASE.

  2. Create scenario definitions corresponding to your method calls.

    Scenario definitions are workbench objects you transport with your application. System administrators can decide how to react to the authorization checks in their systems and transport the active scenarios through the landscape.

  3. Create active versions of your scenarios to test the solution.
  4. Return the authorization objects from the tests of the active scenarios to the scenario definitions.
  5. Transport your finished development objects.