When you access sequential files on the application server using the following statements
· OPEN DATASET
· READ DATASET
· TRANSFER
· DELETE DATASET
the system automatically checks the user’s authorization against the authorization object S_DATASET.
This object allows you to assign authorization for particular files from particular programs. You can also assign the authorization to use operating system commands as a file filter.
Do not use S_DATASET to control general access rights to files from ABAP, or user-dependent authorization checks. Instead, use table SPTH (see also General Checks for Accessing Files).
The object S_DATASET consists of the following fields:
· ABAP program name
Name of the ABAP program from which access is allowed. This allows you to restrict file access to a few programs specifically for that task.
· Activity
Possible values are:
Read file normally
Write to or delete file normally
Read file with filter (operating system command)
Write to file with filter (operating system command)
· File Name
Name of the operating system file. This allows you to restrict the files to which the user has access.
For more information about authorization objects, refer to the Users and Rolesdocumentation.
If the result of the automatic authorization check is negative, a runtime error occurs.
You should therefore check the authorization in your ABAP program before accessing the file using the function module AUTHORITY_CHECK_DATASET.
This function module allows you to check whether the user is authorized to access a file before the system tries to open it. This preempts a possible runtime error that can otherwise occur in the automatic authorization check.
The function module has the following import parameters:
· PROGRAM
Name of the ABAP program from which the file is to be opened. If you do not specify a program name, the system assumes the current program.
· ACTIVITY
Access type, with the following possible values:
¡ Read file
¡ Change file
¡ READ_WITH_FILTER
¡ WRITE_WITH_FILTER
¡ Delete file
These values are defined as constants in the type group SABC as follows:
TYPE-POOL SABC .
CONSTANTS:
SABC_ACT_READ(4)
VALUE 'READ',
SABC_ACT_WRITE(5) VALUE
'WRITE',
SABC_ACT_READ_WITH_FILTER(16) VALUE
'READ_WITH_FILTER',
SABC_ACT_WRITE_WITH_FILTER(17) VALUE 'WRITE_WITH_FILTER',
SABC_ACT_DELETE(6)
VALUE 'DELETE',
SABC_ACT_INIT(4)
VALUE 'INIT',
SABC_ACT_ACCEPT(6)
VALUE 'ACCEPT',
SABC_ACT_CALL(4)
VALUE 'CALL'.
· FILENAME
Name of the file that you want to access.
TYPE-POOLS SABC.
.....
CALL FUNCTION 'AUTHORITY_CHECK_DATASET'
EXPORTING PROGRAM =
SY-REPID
ACTIVITY
= SABC_ACT_READ
FILENAME
= '/tmp/sapv01'
EXCEPTIONS NO_AUTHORITY =
1
ACTIVITY_UNKNOWN
= 2.
......
This function module call finds out whether the current program may access the file ‘/tmp/sapv01’.