AUTHORITY-CHECK (ABAP Keyword)

AUTHORITY-CHECK (ABAP Keyword) introduction & Details

AUTHORITY-CHECK

Basic
form
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD
f2

ID name10 FIELD f10.

 

Effect
Explanation of IDs:
object
Field which contains the name of the object for which the authorization is to be
checked.
name1 … Fields which contain the names of the name10 authorization
fields defined in the object.
f1 … Fields which contain the values for
which the f10 authorization is to be checked.
AUTHORITY-CHECK checks for one
object whether the user has an authorization that contains all values of f (see
SAP authorization concept).
You must specify all authorizations for an object
and a also a value for each ID (or DUMMY ).
The system checks the values for
the ID s by AND-ing them together, i.e. all values must be part of an
authorization assigned to the user.
If a user has several authorizations for
an object, the values are OR-ed together. This means that if the CHECK finds all
the specified values in one authorization, the user can proceed. Only if none of
the authorizations for a user contains all the required values is the user
rejected.
If the return code SY-SUBRC = 0, the user has the required
authorization and may continue.

The return code is modified to suit the
different error scenarios. The return code values have the following
meaning:
4 User has no authorization in the SAP System for such an action. If
necessary, change the user master record.
8 Too many parameters (fields,
values). Maximum allowed is 10.
12 Specified object not maintained in the
user master record.
16 No profile entered in the user master record.
24
The field names of the check call do not match those of an authorization. Either
the authorization or the call is incorrect.
28 Incorrect structure for user
master record.
32 Incorrect structure for user master record.
36 Incorrect
structure for user master record.

If the return code value is 8 or
possibly 24, inform the person responsible for the program. If the return code
value is 4, 12, 15 or 24, consult your system administrator if you think you
should have the relevant authorization. In the case of errors 28 to 36, contact
SAP, since authorizations have probably been destroyed.
Individual
authorizations are assigned to users in their respective user profiles, i.e.
they are grouped together in profiles which are stored in the user master
record.

Note
Instead of ID name FIELD f , you can also write ID name
DUMMY . This means that no check is performed for the field concerned.
The
check can only be performed on CHAR fields. All other field types result in
‘unauthorized’.

Example
Check whether the user is authorized for a
particular plant. In this case, the following authorization object
applies:

Table OBJ : Definition of authorization
object

M_EINF_WRK
ACTVT
WERKS

Here, M_EINF_WRK is the object
name, whilst ACTVT and WERKS are authorization fields. For example, a user with
the authorizations

M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003
.

can display and change plants within the Purchasing and Materials
Management areas.

Such a user would thus pass the
checks

AUTHORITY-CHECK OBJECT ‘M_EINF_WRK’
ID ‘WERKS’ FIELD
‘0002’
ID ‘ACTVT’ FIELD ’02’.

AUTHORITY-CHECK OBJECT
‘M_EINF_WRK’
ID ‘WERKS’ DUMMY
ID ‘ACTVT’ FIELD ’01’:

but would
fail the check

AUTHORITY-CHECK OBJECT ‘M_EINF_WRK’
ID ‘WERKS’
FIELD ‘0005’
ID ‘ACTVT’ FIELD ’04’.

To suppress unnecessary
authorization checks or to carry out checks before the user has entered all the
values, use DUMMY – as in this example. You can confirm the authorization later
with another AUTHORITY-CHECK .

More References