When you access sequential files on the application server using the following statements:
the system automatically checks the user’s authorization against the authorization object S_DATASET.
This object allows you to assign authorization for particular files from particular programs. You can also assign the authorization to use operating system commands as a file filter.
Do not use S_DATASET to control general access rights to files from ABAP, or user-dependent authorization checks. Instead, use table SPTH (see also
The Authorization Object S_DATASET
The object S_DATASET consists of the following fields:
·
ABAP program nameName of the ABAP program from which access is allowed. This allows you to restrict file access to a few programs specifically for that task.
·
ActivityThe possible values are:
33: Read file normally
34: Write to or delete file normally
A6: Read file with filter (operating system command)
A7: Write to file with filter (operating system command)
·
File nameName of the operating system file. This allows you to restrict the files to which the user has access.
For more information about authorization objects, refer to the Users and Authorizations documentation.
If the result of the automatic authorization check is negative, a runtime error occurs.
You should therefore check the authorization in your ABAP program before accessing the file using the function module AUTHORITY_CHECK_DATASET.
The Function Module AUTHORITY_CHECK_DATASET
This function module allows you to check whether the user is authorized to access a file before the system tries to open it. This preempts a possible runtime error that can otherwise occur in the automatic authorization check.
The function module has the following import parameters:
Name of the ABAP program from which the file is to be opened. If you do not specify a program name, the system assumes the current program.
Access type, with the following possible values:
-
READ: Read file-
WRITE: Change file-
READ_WITH_FILTER: Read file using filter functions-
WRITE_WITH_FILTER: Change file using filter functions-
DELETE: Delete fileThese values are defined as constants in the type group SABC as follows:
TYPE-POOL SABC .
CONSTANTS:
SABC_ACT_READ(4) VALUE 'READ',
SABC_ACT_WRITE(5) VALUE 'WRITE',
SABC_ACT_READ_WITH_FILTER(16) VALUE 'READ_WITH_FILTER',
SABC_ACT_WRITE_WITH_FILTER(17) VALUE 'WRITE_WITH_FILTER',
SABC_ACT_DELETE(6) VALUE 'DELETE',
SABC_ACT_INIT(4) VALUE 'INIT',
SABC_ACT_ACCEPT(6) VALUE 'ACCEPT',
SABC_ACT_CALL(4) VALUE 'CALL'.
Name of the file that you want to access.
TYPE-POOLS SABC.
.....
CALL FUNCTION 'AUTHORITY_CHECK_DATASET'
EXPORTING PROGRAM = SY-REPID
ACTIVITY = SABC_ACT_READ
FILENAME = '/tmp/sapv01'
EXCEPTIONS NO_AUTHORITY = 1
ACTIVITY_UNKNOWN = 2.
......
This function module call finds out whether the current program may access the file ‘/tmp/sapv01’.