Authorization Checks in Configuration/Personalization 

Each Web Dynpro ABAP application should be able to be personalized or configured. There are two variants of personalization – one for the administrator and one for the end user. The end user has limited personalization options, whereas the administrator can change almost all the properties of screen elements.

Different authorization checks are made at various configuration or personalization levels:

●      End User Personalization

No authorization check is made here.

●      Administrator Personalization

Authorization check on S_WDR_P13N (see below).

●      Configuration

Authorization check on S_DEVELOP (see below).

You can find the personalization options for the UI elements offered to the end user and to the administrator  in the documentation on the properties of UI elements (see Reference).

S_DEVELOP

When the configuration editor is started, the environment authorization is checked using authorization object S_DEVELOP (developer authorization). If this authorization has been assigned to the user in the user profile, he or she is allowed to carry out all actions, including, Customization, personalization and configuration.

If the application is called at runtime in the administrator mode using URL parameter sap-config-mode=X, the user needs authorization S_DEVELOP or S_WDR_P13N.

S_WDR_P13N

If authorization object S_DEVELOP is not assigned to the user, authorization object S_WDR_P13N is checked for. S_WDR_P13N provides authorization at administrator level to personalize if the user has no developer authorization.

Authorization object S_WDR_P13N should be set by the application if it is required.

Authorization object S_WDR_P13N contains the following fields:

●      OBJNAME

Name of the Web Dynpro ABAP application. This allows you to restrict the applications which the user can personalize at administrator level. If no restrictions are needed, enter *.