Scenario-based authorization checks enable you, as a developer, to enhance delivered
software with alternative authorization checks for authorization objects in different use
cases.
Prerequisites
You have a user with the required authorizations.
Context
Adding scenarios enables you to enhance your application without completely
disrupting your current processes, giving you time to plan for a redesign.
Some reasons why you must build such a scenario in your application include the
following:
- When you created your application, you did not cover all possible cases.
- New legal requirements force you to update your application.
- New technical advances provide the means to bypass your existing security concept.
Recommendation
We continue to recommend the direct usage of AUTHORITY-CHECK.
Procedure
- In your application, perform your authorization checks with the method AUTH_CHECK_SPEC of the class CL_SACF. In the method call, define the scenario names and the authorization objects and values to check for each scenario.
  For an example of an implementation of CL_SACF=>AUTH_CHECK_SPEC, see report SACF_TEST_CASE.
- Create scenario definitions corresponding to your method calls.
  Scenario definitions are workbench objects you transport with your application. System administrators can decide how to react to the authorization checks in their systems and transport the active scenarios through the landscape.
- Create active versions of your scenarios to test the solution.
- Return the authorization objects from the tests of the active scenarios to the scenario definitions.
- Transport your finished development objects.