Programming Authorization Checks
You, as a developer, want to make an authorization check before bookings for business customers can be changed.
Prerequisites
-
You have created authorization fields, for example ACTVT and CUSTTYPE, and assigned for each field defined the value to check, for example 02, B.
Use Edit Authorization Fields (transaction SU20).
-
You have created authorization objects, for example S_TRVL_BKS, and assigned the authorization object to an object class.
Use Maintain Authorization Objects (transaction SU21).
Procedure
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS' ID 'ACTVT' FIELD '02' ID 'CUSTTYPE' FIELD 'B'. IF SY-SUBRC <> 0. MESSAGE E... ENDIF.
Results
AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
When this happens, the system checks the authorization profiles in the master record of the user for the appropriate authorization object (S_TRVL_BKS). If the authorization is found and it contains the correct values, the check is successful.
Example
For example: The system administrator has defined the following authorizations for the authorization object S_TRVL_BKS:
-
S_TRVL_CUS1 with the following values:
Authorization Field
Value
CUSTTYPE (Customer type)
*
ACTVT (Activity)
03
Users with this authorization can display all customer bookings (activity 03 = display).
-
S_TRVL_CUS2 with the following values:
Authorization Field
Value
CUSTTYPE (Customer type)
B
ACTVT (Activity)
02
Users with this authorization can change all business customers (activity 02 = change).
When assigning profiles, the system administrator gave different authorizations to different users.
User MILLER has been assigned a profile containing both of these authorizations (S_TRVL_CUS1 and S_TRVL_CUS2). MILLER can therefore change bookings for business customers.
User MEYERS is only authorized to display the records (S_TRVL_CUS1) and therefore cannot change bookings.