Authorization checks in SAP make sure that users have the proper authorizations to perform an action. To enforce these checks, authorization objects are linked to users' actions in several ways:
- Authorization Check for Transactions: When a transaction is executed, several levels of authorization checks take place. The first level confirms that the user has access to that particular tcode in authorization object S_TCODE.
Once this check succeeds, the user can start the transaction (assuming that no authorization object is maintained for that tcode in the transaction maintenance screen, SE93).
If an authorization object is maintained for that transaction code in SE93, then to start the transaction the user also needs access to that authorization object, with the field values maintained in SE93.
- AUTHORITY-CHECK statements in ABAP Programs: AUTHORITY-CHECK statements are written into ABAP code during the development of ABAP programs/reports. Authorization objects, along with the necessary field values, are inserted into the ABAP code so that user actions performed through that program are checked against them.
Report RSABAPSC lists the AUTHORITY-CHECK commands used in programs and subprograms.
Go to SA38 and execute RSABAPSC.
Note that report RSABAPSC does not always give the complete list of AUTHORITY-CHECK statements. Because the statements are spread across programs and subprograms, it may miss the checks in some subprograms. By increasing the value for recurrence level, as shown in the figure above, we may get the authority check values for the next levels. It is nevertheless very helpful for finding the initial level of authorization checks.
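An added example, not code from the original post, of the AUTHORITY-CHECK pattern described above. The report name, selection parameter, sample tcode and message texts are hypothetical; S_CARRID is the authorization object from SAP's flight demo model. The statement only sets sy-subrc, so each check is followed by an explicit test of the return code before the protected action runs.

```abap
REPORT z_authcheck_demo.
* Added illustration. Report name, parameter and message texts are
* hypothetical. S_TCODE (field TCD) and S_CARRID (fields CARRID, ACTVT)
* are authorization objects; S_CARRID belongs to the flight demo model.

PARAMETERS p_carr TYPE s_carr_id OBLIGATORY.

START-OF-SELECTION.

* Transaction-level object: S_TCODE is the object checked first when a
* tcode is started. SE16 is only a sample value here.
  AUTHORITY-CHECK OBJECT 'S_TCODE'
    ID 'TCD' FIELD 'SE16'.
  IF sy-subrc <> 0.
*   Any non-zero return code means the user is not authorized.
    MESSAGE 'No authorization for transaction SE16' TYPE 'E'.
  ENDIF.

* Program-level check: authorization object plus the field values the
* action requires (activity 03 = display) for the carrier entered.
  AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' FIELD p_carr
    ID 'ACTVT'  FIELD '03'.
  IF sy-subrc <> 0.
*   Without this test the SELECT below would run for every user.
    MESSAGE 'No display authorization for this carrier' TYPE 'E'.
  ENDIF.

* Protected action: reached only when both checks returned 0.
  SELECT carrid, connid, cityfrom, cityto
    FROM spfli
    WHERE carrid = @p_carr
    INTO TABLE @DATA(lt_conn).

  LOOP AT lt_conn INTO DATA(ls_conn).
    WRITE: / ls_conn-carrid, ls_conn-connid,
             ls_conn-cityfrom, ls_conn-cityto.
  ENDLOOP.
```

When reviewing the statements that RSABAPSC lists, confirm that each one is followed by a sy-subrc test like the ones above; a check whose result is never evaluated does not restrict anything.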