Authorization Checks for Standard Texts
SAPscript supports authorization checks only for standard texts. These are texts with the text object TEXT, which are edited using transaction SO10. To call this transaction, choose Tools → Word processing → Standard text.
The authorization object is S_SCRP_TEXT, with the fields
TEXTNAME |
Name of the standard text |
TEXTID |
ID of the standard text |
LANGUAGE |
Language key of the standard text |
ACTVT |
Activity |
For TEXTNAME, TEXTID, and LANGUAGE, you can enter single values, intervals, and generic entries, if allowed as authorization values.
For the activity, SAPscript distinguishes between display and change only.
The authorization for changing a standard text does not automatically imply the authorization for displaying it. If you want a user to both display and change a text, you must allocate authorizations for both activities.
SAPscript executes a create/change or display authorization check when the transaction SO10 is called. To include a standard text into another using Include → Text → Standard... in the editor, the user needs only display authorization. The same applies if the user includes standard texts using the control statement INCLUDE. The system executes the check when processing the text module for output.
If the user has no authorization, the system ignores the INCLUDE statement. If an INCLUDE statement in the form specifies a standard text to be included into the output, the system does not execute a check.
To check whether a user has authorizations for standard texts, use the function module CHECK_TEXT_AUTHORITY.
Authorization Checks for Other Texts
For texts allocated to an object other than TEXT, SAPscript does not execute authorization checks. Since these texts are usually allocated to business application objects, SAPscript assumes that the application program checks whether the user is authorized to use the object. If a user is authorized to display a material, this implies the authorization to display the texts allocated to this material. If you want these texts to be independent of the object authorization, you must define new authorization objects for the texts and include an appropriate authorization check call into the application program.