Authority-CheckGetting Started

Authority-Check

This post talks about the program level mechanism to implement a check for a particular authorization object. SAP Business applications are coded in the SAP proprietary language, ABAP. All transactions call ABAP programs at the back-end and it is this code which is responsible for checking security.

The security check for an authorization object is through the standard ABAP construct “AUTHORITY-CHECK”. The actual form of this statement is given below for checking display access (ACTVT 03) to a table belonging to particular table authorization group (DIBERCLS ‘SC’).

AUTHORITY-CHECK OBJECT ‘S_TABU_DIS’
ID ‘ACTVT’ FIELD ’03’
ID ‘DIBERCLS’ FIELD ‘SC’.

Copying a portion of the SAP code which is used to check for table access

Authority-Check for Tables
Authority-Check for Tables

This statement checks the user buffer of the person executing the program/ tcode to see if he has an authorization for S_TABU_DIS with actvt 03 and dibercls ‘sc’. Depending on the contents of the user buffer, the statement might return different values (the values of the sytem field SY-SUBRC)

  • 0 signifies a succesfull check, i.e. user has the correct authorization
  • 4 denotes user has the authorization object in the buffer but not with the correct values
  • 12 denotes that the user has no authorizations for the specified object

4 thoughts on “Authority-Check

  • Hi,
    We will get error codes 0,4,8,12 in ST01 Trace. Could you please tell me from where system will read the data for missing authorization

    Reply
    • Aninda

      Please read the post on security trace on this blog. It should answer your question.

      Reply
  • vishnu

    Aninda,

    can you please explain the user buffer and the t code to acces the buffer.Do we have role buffer as ell in SAP

    Reply
    • Aninda

      The user buffer stores the authorizations assigned to a particular user. The transaction to view your user buffer is SU56. I have not come across the term “role buffer”

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *