Defining an Authorization Check 


Transaction TZ80 contains an example of how to include an authorization check in a program.

This example from the flight reservation system consists of two screens. On the first screen, the user can enter data and request details of the flight by choosing Display. Alternatively, the user can change the data by choosing Change.

The authorization object S_CARRID is allocated to Transaction TZ80. This authorization object contains two fields. Generic values can be entered in the first field Airline carrier. In the second field Activity you can choose between create (01), change (02) and display (03).

When you have programmed a new transaction, you can specify an authorization object in the definition of the transaction code. Next to the entry field for the authorization object is a pushbutton labeled Values.

In order to be able to start Transaction TZ80, you need an authorization in your user master record for the object S_CARRID containing the value Display (03) for the field Activity, and any value for the field Airline carrier (such as ‘*’).

Maintenance of standard transaction variant allowed means that it is possible to create a default variant for the transaction. For further information, refer to the online manual for Transaction SHD0.

A more sophisticated authorization check is possible using the AUTHORITY-CHECK statement.

Within Transaction TZ80 you can only display and change flight data if you have the appropriate authorization in your user master record for the authorization object S_CARRID.

*&------------------------------------------------------------*
*&      Module  USER_COMMAND_0100  INPUT
*&------------------------------------------------------------*
MODULE USER_COMMAND_0100 INPUT.
  CASE OK_CODE.
    WHEN 'SHOW'.
*     Display requires activity 03 for object S_CARRID.
      AUTHORITY-CHECK OBJECT 'S_CARRID'
        ID 'CARRID' FIELD '*'
        ID 'ACTVT'  FIELD '03'.
      IF SY-SUBRC NE 0. MESSAGE E009. ENDIF.
      MODE = CON_SHOW.
      SELECT SINGLE * FROM  SPFLI
        WHERE  CARRID      = SPFLI-CARRID
        AND    CONNID      = SPFLI-CONNID.
      IF SY-SUBRC NE 0.
        MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
      ENDIF.
      CLEAR OK_CODE.
      SET SCREEN 200.
    WHEN 'CHNG'.
*     Change requires activity 02 for object S_CARRID.
      AUTHORITY-CHECK OBJECT 'S_CARRID'
        ID 'CARRID' FIELD '*'
        ID 'ACTVT'  FIELD '02'.
      IF SY-SUBRC NE 0. MESSAGE E010. ENDIF.
      MODE = CON_CHANGE.
      SELECT SINGLE * FROM  SPFLI
        WHERE  CARRID      = SPFLI-CARRID
        AND    CONNID      = SPFLI-CONNID.
      IF SY-SUBRC NE 0.
        MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
      ENDIF.
*     Keep a copy of the record as read, before the user changes it.
      OLD_SPFLI = SPFLI.
      CLEAR OK_CODE.
      SET SCREEN 200.
  ENDCASE.
ENDMODULE.                 " USER_COMMAND_0100  INPUT

If you choose the Display function in the transaction, the AUTHORITY-CHECK statement checks for the value ‘03’ in the ACTVT field in the S_CARRID authorization object. If you choose the Change function, then the value ‘02’ has to be present in the ACTVT field.
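
The following report is an added example, not part of Transaction TZ80 or of the original documentation. It passes the carrier the user entered to AUTHORITY-CHECK instead of the literal '*', so that authorizations restricted to individual airlines take effect, and it distinguishes the return codes of the statement. The report name and the parameters P_CARRID, P_CONNID and P_CHANGE are assumptions made for the example.

```abap
REPORT ZCARRID_AUTH_DEMO.            " hypothetical report name

TABLES SPFLI.

PARAMETERS: P_CARRID LIKE SPFLI-CARRID OBLIGATORY,
            P_CONNID LIKE SPFLI-CONNID OBLIGATORY,
            P_CHANGE AS CHECKBOX.    " set = change (02), clear = display (03)

DATA ACTVT(2) TYPE C VALUE '03'.

START-OF-SELECTION.
  IF P_CHANGE = 'X'.
    ACTVT = '02'.
  ENDIF.

* Check the carrier the user actually entered, not the literal '*'.
  AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' FIELD P_CARRID
    ID 'ACTVT'  FIELD ACTVT.

  CASE SY-SUBRC.
    WHEN 0.
*     Authorized: processing continues after ENDCASE.
    WHEN 4.
*     Object is in the user master record, but not with these values.
      WRITE: / 'Not authorized for carrier', P_CARRID, 'activity', ACTVT.
      RETURN.
    WHEN 12.
*     No authorization for the object at all.
      WRITE: / 'No authorization for object S_CARRID in user master record.'.
      RETURN.
    WHEN OTHERS.
      WRITE: / 'Authorization check failed, SY-SUBRC =', SY-SUBRC.
      RETURN.
  ENDCASE.

* Read the flight only after the check has passed.
  SELECT SINGLE * FROM SPFLI
    WHERE CARRID = P_CARRID
    AND   CONNID = P_CONNID.
  IF SY-SUBRC NE 0.
    WRITE: / 'Flight not found:', P_CARRID, P_CONNID.
  ELSE.
    WRITE: / SPFLI-CARRID, SPFLI-CONNID, SPFLI-CITYFROM, SPFLI-CITYTO.
  ENDIF.
```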

For further information about setting up authorizations in user master records, refer to Users and Authorizations.