To do this, the programmer should create an authorization fields ( ACTVT and CUSTTYPE ) and assign for each field defined the value to be checked ( 02, B ). Authorization fields are created under Tools ® ABAP Workbench ® Development ® Other tools ® Authorization objects ® Fields (transaction SU20).

Programmers should also create an authorization object (here S_TRVL_BKS ) and assign the authorization object to an object class.

Authorization fields are created under Tools ® ABAP Workbench ® Development ® Other tools ® Authorization objects ® Objects (transaction SU21). Authorization objects can also be created in the Object Navigator (transaction SE80).

You program the authorization check using the ABAP statement AUTHORITY-CHECK .

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

When this happens, the system checks the authorization profiles in the user’s master record for the appropriate authorization object ( S_TRVL_BKS ). If the authorization is found and it contains the correct values, the check is successful.

The system administrator has defined the following authorizations for the authorization object S_TRVL_BKS :

• S_TRVL_CUS1 with the following values:

• S_TRVL_CUS2 with the following values:

User Miller has been assigned a profile containing both of these authorizations ( S_TRVL_CUS1 and S_TRVL_CUS2 ). Miller can therefore change bookings for business customers.

User Meyers on the other hand, is only authorized to display the records ( S_TRVL_CUS2 ) and therefore cannot change bookings.