ABAP AUTHORIZATION CONCEPT

  • Describe SAP Authorization Concept
  • Adding authorization checks to programs using the AUTHORITY-CHECK statement

Authorization Concept

  • The SAP authorization concept was developed to protect transactions, programs, and services in SAP systems from unauthorized access.
  • The administrator (usually from BASIS) assigns authorizations to users that determine which actions (transactions/programs) a user can execute in the SAP system.
  • The authorizations represent instances of generic authorization objects and are defined by the activity and responsibilities of the employee.

Adding Authorization Checks to Programs

  • It is almost always good practice to add authority checks to your custom-developed programs.
  • To add authorization checks to programs, you need to do the following:
  1.  Determine the Authorization Field/s
  2.  Determine the Authorization Object/s
  3.  Add Authorization Checks in your program
      Use the ABAP AUTHORITY-CHECK statement. Specify alphabetic
      values in uppercase letters.

Determine Authorization Fields and Objects

The authorization objects and authorization fields, together with
their corresponding values, must be provided in the functional
design or as required by the Basis security team. You can see the
list of authorization objects by accessing transaction SU21.

[Figure: Determine Authorization Fields and Objects]

You can display the authorization fields of an authorization object by
double-clicking on it. For example, we double-clicked on the
authorization object F_BKPF_BUK.

[Figure: F_BKPF_BUK]

To display the possible values for the ACTVT field, you can click
on the button ‘Permitted Activities’.

[Figure: Permitted Activities]

Add Authorization Check In the Program

To add an authorization check to the program, we use the syntax:

    AUTHORITY-CHECK OBJECT auth_object
      ID id1 FIELD val1
      ID id2 FIELD val2
      ...
      ID idn FIELD valn.

Where:
    auth_object  = authorization object
    id1 to idn   = authorization fields
    val1 to valn = values to be checked if maintained for the user

Example:

Suppose that the requirement is to verify that the user has display
authorization maintained for authorization object F_BKPF_BUK
for the company code entered in the selection screen
parameter. Our code will look like this:

[Figure: Code]

When this fails (sy-subrc is not zero), the error message will be
displayed:

[Figure: Code]
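
The check and the failure handling described above, written out as an added example (it is not the original post's listing). The report name, the parameter name p_bukrs and the message text are assumptions; BUKRS is the company code field of F_BKPF_BUK, and ACTVT value 03 is the Display activity.

```abap
REPORT z_auth_check_demo.  " hypothetical report name

" Company code entered by the user on the selection screen
PARAMETERS p_bukrs TYPE bukrs OBLIGATORY.

DATA gv_msg TYPE string.

AT SELECTION-SCREEN ON p_bukrs.
  " Object and field names are literals and must be in uppercase.
  " ACTVT '03' asks for the Display activity.
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
    ID 'BUKRS' FIELD p_bukrs
    ID 'ACTVT' FIELD '03'.

  " sy-subrc = 0 means the user holds a matching authorization;
  " any other value is treated as a failed check.
  IF sy-subrc <> 0.
    " Constructed message text (assumption, not from the post)
    gv_msg = |No display authorization for company code { p_bukrs }|.
    " Type E stops processing and returns to the selection screen
    MESSAGE gv_msg TYPE 'E'.
  ENDIF.

START-OF-SELECTION.
  " Reached only after the check above has passed
  WRITE: / 'Authorized to display company code', p_bukrs.
```

Evaluate sy-subrc immediately after AUTHORITY-CHECK, because the statement itself never stops the program; without the IF block an unauthorized user would continue into the data selection.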
