This post describes the program-level mechanism that implements a check for a particular authorization object. SAP business applications are coded in ABAP, SAP's proprietary language. All transactions call ABAP programs at the back end, and it is this code that is responsible for checking security.
The security check for an authorization object is performed through the standard ABAP construct "AUTHORITY-CHECK". The actual form of this statement is given below for checking display access (ACTVT 03) to a table belonging to a particular table authorization group (DICBERCLS 'SC').
AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
    ID 'ACTVT' FIELD '03'
    ID 'DICBERCLS' FIELD 'SC'.
Copying a portion of the SAP code which is used to check for table access
This statement checks the user buffer of the person executing the program/tcode to see if he has an authorization for S_TABU_DIS with ACTVT 03 and DICBERCLS 'SC'. Depending on the contents of the user buffer, the statement returns different values in the system field SY-SUBRC:
- 0 signifies a successful check, i.e. user has the correct authorization
- 4 denotes user has the authorization object in the buffer but not with the correct values
- 12 denotes that the user has no authorizations for the specified object
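
The check and its return codes in context, as an added example that is not part of the original post or of SAP's own code: a hypothetical report evaluates SY-SUBRC immediately after the statement and denies access on every non-zero value. The report name, constant names and message texts are assumptions made for illustration.

```abap
REPORT z_authcheck_demo.  " hypothetical report name

* Values taken from the statement discussed above.
CONSTANTS: gc_actvt_display TYPE c LENGTH 2 VALUE '03',
           gc_auth_group    TYPE c LENGTH 4 VALUE 'SC'.

DATA gv_auth_rc TYPE sy-subrc.

START-OF-SELECTION.

  AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
    ID 'ACTVT'     FIELD gc_actvt_display
    ID 'DICBERCLS' FIELD gc_auth_group.

* AUTHORITY-CHECK only sets SY-SUBRC; it does not stop the program.
* Save the value at once, because later statements overwrite SY-SUBRC.
  gv_auth_rc = sy-subrc.

  CASE gv_auth_rc.
    WHEN 0.
*     Correct authorization found in the user buffer: continue.
    WHEN 4.
*     Object is in the buffer, but not with ACTVT 03 / DICBERCLS SC.
      MESSAGE 'No display authorization for table group SC'
        TYPE 'S' DISPLAY LIKE 'E'.
      RETURN.
    WHEN 12.
*     No authorization at all for S_TABU_DIS.
      MESSAGE 'No authorization for object S_TABU_DIS'
        TYPE 'S' DISPLAY LIKE 'E'.
      RETURN.
    WHEN OTHERS.
*     Fail closed: any value not handled above is treated as a denial.
      MESSAGE 'Authorization check failed'
        TYPE 'S' DISPLAY LIKE 'E'.
      RETURN.
  ENDCASE.

* Protected logic is reached only when the check returned 0.
  WRITE: / 'Authorized: table display may proceed.'.
```

When reviewing custom code, an AUTHORITY-CHECK whose SY-SUBRC is never evaluated, or is evaluated only after other statements have run, protects nothing.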