Ansicht
Dokumentation

ABENBC_AUTHORITY_CHECK - BC AUTHORITY CHECK

ABENBC_AUTHORITY_CHECK - BC AUTHORITY CHECK

Vendor Master (General Section)   SUBST_MERGE_LIST - merge external lists to one complete list with #if... logic for R3up  
This documentation is copyright by SAP AG.
SAP E-Book

Authorizations

Authorizations are a method used to protect functions or objects within an AS ABAP. The programmer of a function determines where authorizations are checked and how. The user administrator determines which users can execute a function or access an object.

The following terms are central to the SAP authorization concept:

Authorization Field

Smallest unit of an authorization object. An authorization field either represents data, such as a key field of a database table, or activities, such as Read or Change. Activities are specified as IDs, which are stored in the database table TACT and the customer-specific table TACTZ.

They are maintained in transaction SU20.

Authorization Object

A repository object on which authorizations are based. An authorization object consists of up to 10 authorization fields. Combinations of authorization fields, which represent data and activities, are used to grant and check authorizations. Authorization objects are grouped together organizationally in authorization object classes.

They are maintained in transaction SU21.

Authorization

An entry in the user master record as part of an authorization profile. An authorization consists of complete or generic values for the authorization fields of an authorization object. The combination determines which activities a user can use to access certain data.

They are generated from transaction PFCG (profile generator for role maintenance). They can also be displayed using transaction SU03.

Authorization Profile

A combination of multiple authorizations. Multiple authorization profiles can be assigned to a single authorization. Authorizations are assigned to users by specifying authorization profiles in the user master record.

They are generated from transaction PFCG (profile generator for role maintenance). They can also be displayed using transaction SU02.

User Master Record

A user master record must exist before a user can log on to an AS ABAP. The master record determines which actions users are allowed to execute and which authorizations they are assigned. Default settings, such as the format in which decimal places are displayed in lists, are also stored in the user master record. An authorization profile can be assigned to users as often as required.

They are maintained in transaction SU01.

Authorization Check

A check to determine whether the current user of a program has a certain authorization. The check compares a value with the corresponding entries for each authorization field of an authorization object in the user master record. Check indicators control whether an authorization check is performed.

Authorization checks are made explicitly using the ABAP statement AUTHORITY-CHECK or implicitly.

Implicit authorization checks are made, for example, when starting transactions by entering the transaction code in the command field of the SAP GUI or in statements such as LEAVE TO TRANSACTION or SUBMIT.

Authorization Assignment

The entry of authorization profiles in the user master record.

Composite Profiles

Composite profiles were used before the profile generator for role maintenance (transaction PFCG) was introduced in manual maintenance of profiles (transaction SU02) to organize the authorization structure. They are not, however, absolutely necessary. An authorization profile can be assigned to composite profiles as often as required.

Notes

  • During an update, no authorizations of the SAP authorization concept are checked.





RFUMSV00 - Advance Return for Tax on Sales/Purchases   CL_GUI_FRONTEND_SERVICES - Frontend Services  
This documentation is copyright by SAP AG.

Length: 5558 Date: 20240328 Time: 154850     sap01-206 ( 89 ms )