Authority-Check
This post talks about the program level mechanism to implement a check for a particular authorization object. SAP Business applications are coded in the SAP proprietary language, ABAP. All transactions call ABAP programs at the back-end and it is this code which is responsible for checking security.
The security check for an authorization object is through the standard ABAP construct “AUTHORITY-CHECK”. The actual form of this statement is given below for checking display access (ACTVT 03) to a table belonging to particular table authorization group (DIBERCLS ‘SC’).
AUTHORITY-CHECK OBJECT ‘S_TABU_DIS’
ID ‘ACTVT’ FIELD ’03’
ID ‘DIBERCLS’ FIELD ‘SC’.
Copying a portion of the SAP code which is used to check for table access
This statement checks the user buffer of the person executing the program/ tcode to see if he has an authorization for S_TABU_DIS with actvt 03 and dibercls ‘sc’. Depending on the contents of the user buffer, the statement might return different values (the values of the sytem field SY-SUBRC)
- 0 signifies a succesfull check, i.e. user has the correct authorization
- 4 denotes user has the authorization object in the buffer but not with the correct values
- 12 denotes that the user has no authorizations for the specified object
Hi,
We will get error codes 0,4,8,12 in ST01 Trace. Could you please tell me from where system will read the data for missing authorization
Please read the post on security trace on this blog. It should answer your question.
Aninda,
can you please explain the user buffer and the t code to acces the buffer.Do we have role buffer as ell in SAP
The user buffer stores the authorizations assigned to a particular user. The transaction to view your user buffer is SU56. I have not come across the term “role buffer”