Applying Multiple Authority-checks in ABAP Program

1
467

Multiple Authority-checks mainly depends on hierarchy of Authorizations apart from its dependency on the way programmer handles it.

sap_auth_check

Multiple Authority-checks can be of two types depending upon the programming logic and needs.


(a) A programmer can suppose, that if the first AUTHORITY-CHECK fails, the program shouldn’t test the others, but try to elaborate the next data:
LOOP AT ITAB.

   AUTHORITY-CHECK OBJECT <OBJ>
ID <FIELD> FIELD <VALUE>.
IF SY-SUBRC  0.
CONTINUE. ” Check next record
ELSE.
AUTHORITY-CHECK OBJECT <OBJ2>
ID <FIELD> FIELD <VALUE>.
IF SY-SUBRC  0.
CONTINUE. ” Check next record
ELSE.
AUTHORITY-CHECK OBJECT <OBJ3>
ID <FIELD> FIELD <VALUE>.
IF SY-SUBRC  0.
… Commands/Processing …
ENDIF.
ENDIF.
ENDIF.
ENDLOOP.

In this situation it’s very important the user has all authorization objects of course.

(b) In AUTHORITY-CHECK OBJECT statament only one value can be checked. So it can checks if the user has 02 or 03, not both together.

So if you give 02, the AUTHORITY-CHECK will work for 02 only.

Anway the developer can skip the check for a certain fields of a an authority object

AUTHORITY-CHECK OBJECT <OBJ>
ID ………………………………….
ID ACTIVITY FIELD DUMMY.

In this situation the authority-check is not dependent on value of activity.

1 COMMENT

LEAVE A REPLY