9 Replies Latest reply: Jun 21, 2011 11:50 AM by Bouznada Sana RSS

Authorization check in SAP Queries.

Jaideep Sharma
Currently Being Moderated

Hi All,

We have created a SAP query and infoset for displaying invoices. We want to restrict the users from viewing data of company code for which they don't have display authorization. For instance if user is authorized only for displaying data for US company code then he should not be able to see the data for company Italy. Also the company code parameter is a select option in SAP query.

So the user can enter '*' also. In that case we want to display the data for all company codes for which user is authorized to. We tried to do change in code in infoset on AT SELECTION SCREEN but its not working as the variables in the program generated for query are not visible in Infosets. Please let us know how can we fix this requirement.


KR Jaideep,

  • Re: Authorization check in SAP Queries.
    Renjith Michael
    Currently Being Moderated



    Code the Authority-check in section 6 -  END-OF-SELECTION.


    For example:




    ID 'SPART' FIELD '10'

    ID 'ACTVT' FIELD '03'.


    if sy-subrc <> 0.

    MESSAGE 'Insufficient Authorization.Some data is truncated.' TYPE 'I'.



  • Re: Authorization check in SAP Queries.
    Saumya Govil
    Currently Being Moderated

    Hi Jaideep,


    Use AUTHORITY-CHECK to restrict access to the database based on user.

    Press F1 on AUTHORITY-CHECK to find out how to use it in the code.




  • Re: Authorization check in SAP Queries.
    Sikindar T
    Currently Being Moderated

    instead of concentraeteing on the authorisation checks on company code


    check with the at the user level

  • Re: Authorization check in SAP Queries.
    Neenu Jose
    Currently Being Moderated



    Go to tcode:SQ03 Usergroup, and enter the name of the usergroup or create a new user group.


    Choose Assign Users and InfoSets.Enter the names of those users that are to belong to this user group.


    Using Settings -> Without Selection, here you have to enter the names of the users manually.



    To be able to make changes to queries, the user requires authorization for the authorization object S_QUERY with the value Change.


    Using the pushbuttons:

    Change Authorization, Select All, give authorization for all users of a user group.

    Change Authorization, Delete All, revoke authorization for all users of a user group.


    By clicking on the checkbox before the name of a user to set or delete the indicator, you can give or revoke change authorization for individual users.


    Also, assign Infoset and Save.

  • Re: Authorization check in SAP Queries.
    George Trentsios
    Currently Being Moderated

    Enchace the infoset and into extras at tab CODE and code selection Record Processing

    include a code something like following

             ID 'KTOPL' FIELD SKA1-KTOPL
             ID 'ACTVT' FIELD '03'.
    Check SY-SUBRC EQ '0'.


    • Re: Authorization check in SAP Queries.
      Jaideep Sharma
      Currently Being Moderated

      Hi All,

      Thanks alot for your valuable inputs.

      I have made following modifications in the infosets.



      *---Authorization for Company code entered by the users.
      *---This code will restrict users to see data for company
      *---codes which they are not authorized to.
      *---Select all the company codes based upon selection entered by the
       SELECT bukrs
         FROM t001
         INTO TABLE li_bukrs
        WHERE bukrs IN bukrs.
       IF sy-subrc EQ 0.
      *---Clear Screen variable for Company code
         CLEAR bukrs.
         REFRESH bukrs.
      *---Filter and prepare Select options for Company code table to be
      *---passed to query. Table will only have values of company codes he is
      *---authorized to for display.
         LOOP AT li_bukrs INTO lwa_bukrs.
                             ID 'BUKRS' FIELD lwa_bukrs
                             ID 'ACTVT' FIELD '03'.
           IF sy-subrc = 0.
             bukrs-sign = 'I'.
             bukrs-option = 'EQ'.
             bukrs-low = lwa_bukrs.
             bukrs-high = space.
             APPEND bukrs.
             lv_flag = 'X'.
      *---Give warning message to the user in case he is not authorized to see
      *---data for all the company codes that he has entered.
         IF lv_flag = 'X'.
           MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'.


      • Re: Authorization check in SAP Queries.
        Bouznada Sana
        Currently Being Moderated



        I'm sorry to bring that old post but I'm in the same situation.

        How and where to add your code in the SAP Query ?

        When checking the source code, there is an error after the first select so the query couldn't be generated.

        "The IN operator with "BUKRS" is followed neither by an internal table nor by a value list."


        I managed to add this code directly into the program by replacing "bukrs" by the select-options object refering to company code (ex: SP$00003), but I'd prefer to maintain all this authorization check inside the SAP Query.


        Is there any ABAP developer out there who can't help me achieving this authorization check through SAP Query.



        Thierry Kennes

  • Re: Authorization check in SAP Queries.
    Jaideep Sharma
    Currently Being Moderated


  • Re: Authorization check in SAP Queries.
    Currently Being Moderated

    Hello Jaideep,


    How are you..!!


    I have a similar requirement regarding Authority checks for selection screen inputs in a SAP Query,

    Could you please share the resolution for this issue..!!




    Best Regards,

    Shivaji Gannavarapu


    Edited by: SHIVAJI GANNAVARAPU on Jul 11, 2009 10:27 PM