AUTHORITY-CHECK
Basic form
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
...
ID name10 FIELD f10.
Effect
Explanation of IDs:
object              Field which contains the name of the object for which the authorization is to be checked.
name1 ... name10    Fields which contain the names of the authorization fields defined in the object.
f1 ... f10          Fields which contain the values for which the authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an
authorization that contains all values of f (see
SAP authorization concept).
You must specify all authorization fields of the object and a value
for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them
together, i.e. all values must be part of an authorization assigned to
the user.
If a user has several authorizations for an object, the values are
OR-ed together. This means that if the CHECK finds all the
specified values in one authorization, the user can proceed. Only if
none of the authorizations for a user contains all the required values
is the user rejected.
If the return code SY-SUBRC = 0, the user has the required
authorization and may continue.
The return code is modified to suit the different error scenarios. The
return code values have the following meaning:
4 User has no authorization in the SAP System for such an
action. If necessary, change the user master record.
8 Too many parameters (fields, values). Maximum allowed is 10.
12 Specified object not maintained in the user master record.
16 No profile entered in the user master record.
24 The field names of the check call do not match those of an
authorization. Either the authorization or the call is incorrect.
28 Incorrect structure for user master record.
32 Incorrect structure for user master record.
36 Incorrect structure for user master record.
If the return code value is 8 or possibly 24, inform the person
responsible for the program. If the return code value is 4, 12, 15 or
24, consult your system administrator if you think you should have the
relevant authorization. In the case of errors 28 to 36, contact SAP,
since authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective
user profiles, i.e. they are grouped together in profiles which are
stored in the user master record.
Note
Instead of ID name FIELD f, you can also write
ID name DUMMY. This means that no check is performed for the
field concerned.
The check can only be performed on CHAR fields. All other field types
result in 'unauthorized'.
Example
Check whether the user is authorized for a particular
plant. In this case, the following authorization object applies:
Table OBJ : Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and
WERKS are authorization fields. For example, a user with the
authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003
can display and change plants within the Purchasing and Materials
Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
  ID 'WERKS' FIELD '0002'
  ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
  ID 'WERKS' DUMMY
  ID 'ACTVT' FIELD '01'.
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
  ID 'WERKS' FIELD '0005'
  ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks
before the user has entered all the values, use DUMMY, as in
this example. You can confirm the authorization later with another
AUTHORITY-CHECK.
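The evaluation rule from the Effect section (AND across the IDs of one call, OR across the user's authorizations), applied to the M_EINF_WRK example as an added Python model; it is not SAP code and not part of the original documentation. The function names, the data layout and the second user USER_B are assumptions made for illustration, and values are compared as character strings.

```python
DUMMY = object()  # models "ID name DUMMY": the field is not checked


def in_values(value, allowed):
    """True if value equals a single value or lies in a (low, high) range."""
    for entry in allowed:
        low, high = entry if isinstance(entry, tuple) else (entry, entry)
        if low <= value <= high:
            return True
    return False


def authority_check(user_auths, obj, ids):
    """Return a modelled SY-SUBRC (0, 4, 8 or 12) for one check call."""
    if len(ids) > 10:
        return 8                      # too many parameters
    auths = user_auths.get(obj, [])
    if not auths:
        return 12                     # object not in the user master record
    for auth in auths:                # OR across the user's authorizations
        if all(                       # AND across the IDs of this call
            value is DUMMY
            # only CHAR (string) values can match; other types are rejected
            or (isinstance(value, str) and in_values(value, auth.get(name, [])))
            for name, value in ids.items()
        ):
            return 0                  # one authorization covers every value
    return 4                          # no single authorization covers them all


# Constructed sample data. USER_A holds the authorization from the example
# above; USER_B and its two authorizations are invented for illustration.
USER_A = {"M_EINF_WRK": [{"ACTVT": [("01", "03")], "WERKS": [("0001", "0003")]}]}
USER_B = {"M_EINF_WRK": [
    {"ACTVT": ["03"], "WERKS": ["0001"]},
    {"ACTVT": ["02"], "WERKS": ["0002"]},
]}
```

USER_B is rejected with return code 4 for ACTVT '02' on WERKS '0001': each value appears in one of the two authorizations, but no single authorization contains both.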
© SAP AG 1996