| What is the use of Authorization
Checks
To ensure that a user has the appropriate authorizations
when he or she performs an action, users are subject to authorization checks.
The following actions are subject to authorization checks
that are performed before the start of a program or table maintenance and
which the SAP applications cannot avoid:
-
Starting SAP transactions (authorization object S_TCODE)
-
Starting reports (authorization object S_PROGRAM)
-
Calling RFC function modules (authorization object S_RFC)
-
Table maintenance with generic tools (S_TABU_DIS)
In coming posts, we will see how to add authorization checks
for Reports and transactions.
Purpose of assigning authorization groups for tables:
-
You can assign authorization groups to tables to avoid users
accessing tables using general access tools (such as transaction SE16).
A user requires not only authorization to execute the tool, but must also
have authorization to be permitted to access tables with the relevant group
assignments. For this case, we deliver tables with predefined assignments
to authorization groups. The assignments are defined in table TDDAT; the
checked authorization object is S_TABU_DIS.
Now we will see how to assign/create authorization group
for a table:
Go to SE54, Give the table name and choose authorization
group and then click on create/change. You can create an authorization
group.
Example:
You can assign a table to authorization group Z001. (Use
transaction SM30 for table TDDAT) A user that wants to access this table
must have authorization object S_TABU_DIS in his or her profile with the
value Z001 in the field DICBERCLS (authorization group for ABAP Dictionary
objects).
Authorization Check:
In the earlier post, we came to know the importance of
authorization check in real time environment. We know how to check authorization
for table maintenance.
Now we will see how to check authorization for Reports,
Transactions, RFC function modules.
The following actions are subject to authorization checks
that are performed before the start of a program or table maintenance and
which the SAP applications cannot avoid:
-
Starting SAP transactions (authorization object S_TCODE)
-
Starting reports (authorization object S_PROGRAM)
-
Calling RFC function modules (authorization object S_RFC)
-
Table maintenance with generic tools (S_TABU_DIS)
The authorization objects S_TCODE, S_PROGRAM, S_RFC, and
S_TABU_DIS are standard SAP provided.
Creating a new authorization object is not in the scope
of ABAP developer. It will be taken care by SAP BASIS team.
To add authorization check to your program, you need to
add the following code in your report. Imagine that you have created a
transaction code for your report, then
you should use the authorization object S_TCODE to check
the authorization.
You can place the code in initialization event.
*Initialization
INITIALIZATION.
AUTHORITY-CHECK OBJECT 'S_TCODE'
ID 'TCD' FIELD 'ZEXAMPLE'.
IF sy-subrc <> 0. "Not Authorized
MESSAGE e003(ZZ) WITH 'TCD' 'ZEXAMPLE'.
ENDIF.
More Abapers Questions:
ABAP Books List
ABAP/4 Certification,
Programming and Object Oriented Programming Books
Smart Forms
SAP Smartforms
ABAP Menu:
ABAP Example Hints
and Tips
Return to Index:-
SAP ABAP/4 Programming,
Basis Administration, Configuration Hints and Tips
(c) www.gotothings.com All material on this site is Copyright.
Every effort is made to ensure the content integrity.
Information used on this site is at your own risk.
All product names are trademarks of their respective
companies. The site www.gotothings.com is in no way affiliated with
SAP AG.
Any unauthorised copying or mirroring is prohibited.
|