Authority-Check

This post talks about the program level mechanism to implement a check for a particular authorization object. SAP Business applications are coded in the SAP proprietary language, ABAP. All transactions call ABAP programs at the back-end and it is this code which is responsible for checking security.

The security check for an authorization object is through the standard ABAP construct “AUTHORITY-CHECK”. The actual form of this statement is given below for checking display access (ACTVT 03) to a table belonging to particular table authorization group (DIBERCLS ‘SC’).

AUTHORITY-CHECK OBJECT ‘S_TABU_DIS’
ID ‘ACTVT’ FIELD ’03’
ID ‘DIBERCLS’ FIELD ‘SC’.

Copying a portion of the SAP code which is used to check for table access

Authority-Check for Tables
Authority-Check for Tables

This statement checks the user buffer of the person executing the program/ tcode to see if he has an authorization for S_TABU_DIS with actvt 03 and dibercls ‘sc’. Depending on the contents of the user buffer, the statement might return different values (the values of the sytem field SY-SUBRC)

  • 0 signifies a succesfull check, i.e. user has the correct authorization
  • 4 denotes user has the authorization object in the buffer but not with the correct values
  • 12 denotes that the user has no authorizations for the specified object

4 Replies to “Authority-Check”

    1. The user buffer stores the authorizations assigned to a particular user. The transaction to view your user buffer is SU56. I have not come across the term “role buffer”

Leave a Reply

Your email address will not be published. Required fields are marked *