Show TOC

Authorization Checks in Your Own DevelopmentsLocate this document in the navigation structure

Each time a transaction starts, the system automatically checks for authorization object S_TCODE. This check is also executed for any transactions that you created yourself.

Prerequisites

To maintain authorization objects and fields, you need access to the authorization object Authorizations (S_USER_AUT).

Context

If you use the Profile Generator to generate your authorization profiles automatically, the authorizations for the authorization object S_TCODE are contained in the profiles.

You can also add your own authorization checks to protect critical points in your ABAP programs.

Caution

If you call a transaction indirectly, that is from another transaction, the authorization check is not automatically performed. Use Maintain transaction call authorization in CALL TRANSACTION (transaction SE97) to set the check indicator check for the entry for the pair of calling and called transaction to ensure that the called transactions are also subject to an authorization check.

For more information, see SAP Note 358122 Information published on SAP site.

Procedure

  1. Create an authorization field.
  2. Create an authorization object.
  3. Program authorization checks.

    Use the ABAP AUTHORITY-CHECK statement. Specify alphabetic values in uppercase letters: ABC. Test values from user master records are converted to uppercase before being passed to AUTHORITY-CHECK.

    For more information, see the ABAP keyword documentation.

Related Information