ABAP AUTHORIZATION CONCEPT
- Describe SAP Authorization Concept
- Adding authorization checks to programs using the AUTHORITY-CHECK statement
Authorization Concept
- The SAP authorization concept was developed to protect transactions, programs, and services in SAP systems from unauthorized access.
- The administrator (usually from BASIS) assigns authorizations to users that determine which actions (transactions/programs) a user can execute in the SAP system.
- The authorizations represent instances of generic authorization objects and are defined by the activity and responsibilities of the employee.
Adding Authorization Checks to Programs
- It is almost always good practice to add authority checks to your custom-developed programs.
- To add authorization checks to programs, you need to do the following:
  - Determine the authorization field(s)
  - Determine the authorization object(s)
  - Add authorization checks in your program. Use the ABAP AUTHORITY-CHECK statement. Specify alphabetic values in uppercase letters.
Determine Authorization Fields and Objects
The authorization objects and authorization fields, together with
their corresponding values, must be provided in the functional
design or as required by the Basis security team. You can see the
list of authorization objects by accessing transaction SU21.
You can display the authorization fields of an authorization object by
double-clicking on it. For example, we double-clicked on the
authorization object F_BKPF_BUK.
To display the possible values for the ACTVT field, you can click
on the button ‘Permitted Activities’.
Add Authorization Check In the Program
To add an authorization check to the program, we use the syntax:

  AUTHORITY-CHECK OBJECT auth_object
    ID id1 FIELD val1
    ID id2 FIELD val2
    ...
    ID idn FIELD valn

Where:
auth_object = authorization object
id1 to idn = authorization fields
val1 to valn = values to be checked if maintained for the user
Example:
Suppose the requirement is to verify that the user has display
authorization, maintained for authorization object F_BKPF_BUK,
for the company code entered in the selection-screen parameter.
Our code will look like this:
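A small report implementing the check described above, as an added example rather than the original post's code. The report name, the parameter name p_bukrs, the message text and the BKPF read that follows the check are assumptions.

```abap
REPORT zfi_auth_check_demo.

* Added example: report name, parameter name and message text are assumptions.
PARAMETERS p_bukrs TYPE bukrs OBLIGATORY.

DATA: gv_msg   TYPE c LENGTH 80,
      gv_count TYPE i.

AT SELECTION-SCREEN ON p_bukrs.
* Object name and field names are passed as uppercase literals.
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
    ID 'BUKRS' FIELD p_bukrs
    ID 'ACTVT' FIELD '03'.          "03 = Display
* sy-subrc = 0 means authorized; every other value is treated as a denial,
* so the report fails closed.
  IF sy-subrc <> 0.
    CONCATENATE 'No display authorization for company code' p_bukrs
      INTO gv_msg SEPARATED BY space.
*   An error message here stops processing and reopens the field for input.
    MESSAGE gv_msg TYPE 'E'.
  ENDIF.

START-OF-SELECTION.
* Reached only after the authorization check above has passed.
  SELECT COUNT( * ) FROM bkpf INTO gv_count WHERE bukrs = p_bukrs.
  WRITE: / 'Accounting documents in company code', p_bukrs, ':', gv_count.
```

AUTHORITY-CHECK only sets sy-subrc; it does not stop the program by itself, so the IF branch is what actually enforces the restriction.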
displayed: