5 Replies Latest reply: May 4, 2011 4:12 PM by Sri Raghu Kishore Pusapati

Authority Check does not work, regardless of auths

Mohammed Sadath



I have created an authorization object for Report ID and ACTVT. Created profiles also for the same and assigned the roles to the required users.


In the program I check as:



              ID 'REPID' FIELD sy-repid

              ID 'ACTVT' FIELD '16'. "Execute



Initially this worked fine only for the users who have these roles. But now it's started working for all the users, irrespective of the roles assigned or not.


Can someone help me on this?




Edited by: Julius Bussche on May 3, 2011 7:52 PM

Subject title made more meaningful...

  • Re: Authority Check
    Sandip Maiti



    Take an ST01 authorization trace on the execution of the transaction. Check the report, whether this object is checked during the execution. Depending on the results, take a decision.


    If the user already has that object, then it may be assigned to the users through some different roles. Then remove the role and test.


    If the user doesn't have access to the object, and there is no check against the object during execution, then it is a problem in the program. Check with the respective developer.


    If the authorization check fails and the user is still able to run the transaction, then it is also a problem with the program. Need to check with the developer.




    • Re: Authority Check
      Bernhard Hochreiter

      and in addition.....


      If the user definitely does not have the authorization, but the authority-check succeeds, probably the auth.-check had been disabled in SU24 for that t-code by setting the check flag to 'no check'.


      b.rgs, Bernhard

      • Re: Authority Check
        Mohammed Sadath



        Thanks for the reply.


        But my report program doesn't have any t-code. I have just created an auth object for reportid & actvt.


        In my report program I'm doing a check only for report id and actvt.


        Can you pls help on how I will configure this auth object in SU24?

        • Re: Authority Check
          Sri Raghu Kishore Pusapati

          A few inputs from my end.

          1. Always associate Custom reports with Custom Z tcodes. In this way you can eliminate running programs from SE38.

          2. Update SU24 with the custom auth object.

          3. If possible use S_PROGRAM, S_TCODE, Z_***** (Custom Object) in a combination to restrict the report usage and provide this tcode to the user in a separate role (if sensitive).


          In your situation, I would recommend having a Z tcode created and update it with custom Auth object in SU24. That should help in restricting the access.




  • Re: Authority Check
    Julius von dem Bussche

    What happens after the authority-check?


    if sy-subrc 0.
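
Added example, not part of any post in this thread: AUTHORITY-CHECK only sets sy-subrc and never stops the program on its own, so a report that does not evaluate the return code runs for every user regardless of roles. The report name, the object name ZREPID_EX and the message text are hypothetical placeholders; the thread does not give the real object name.

```abap
REPORT zauth_check_demo.  " hypothetical report name

* Assumption: ZREPID_EX stands in for the custom authorization object
* with the fields REPID and ACTVT described in the thread.
CONSTANTS gc_auth_object TYPE c LENGTH 10 VALUE 'ZREPID_EX'.

START-OF-SELECTION.
  " Check before any report logic runs.
  PERFORM check_authority.

  " Reached only when the check returned sy-subrc = 0.
  WRITE: / 'Report body runs for authorized users only.'.

FORM check_authority.
  AUTHORITY-CHECK OBJECT gc_auth_object
                  ID 'REPID' FIELD sy-repid
                  ID 'ACTVT' FIELD '16'.   " Execute

  " sy-subrc = 0 means the user holds a matching authorization.
  " Any other value means the check failed, and the program has to
  " react itself; the statement does not abort anything.
  IF sy-subrc <> 0.
    MESSAGE 'No authorization to execute this report' TYPE 'S' DISPLAY LIKE 'E'.
    LEAVE PROGRAM.
  ENDIF.
ENDFORM.
```

An ST01 trace on this report shows the check against the object together with its return code, which separates a missing authorization from a result that the program ignores.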