Authority-Check and S_Program

Former Member · ‎01-05-2007

The requirement is to restrict the execution of a report to only a certain group of users. So what I've done is create an authorization group for the report/program. How do I use the authority-check keyword to check for it?

Program: Z_MMRALV

auth. group: ZMMR

Note: This program is being called by another program (ZPROGA) so it should first check if user is authorized to use it. This check should be incorporated in the calling program.

AUTHORITY-CHECK OBJECT 'S_PROGRAM'

ID 'ZMMR' FIELD 'Z_MMRALV'.

Is this the correct way to do it?

Former Member · ‎01-05-2007

It does not matter where you put it...i.e. in the calling program or in the actual program...as in both the places the check will be done and will stop the report if he is not authorised to execute.

- Guru

Reward points for helpful answers

Former Member · ‎01-05-2007

Dear Jess

Please check the option we have in attributes of a program.

We can find field "Authorization Group" in attributes.

Below is extract from documentation:

Authorization Group

Authorization group to which the program is assigned.

The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:

Execute a program

--> Authorization object S_PROGRAM

Edit a program (-Include) in the ABAP Workbench

--> Authorization object S_DEVELOP

Programs that are not assigned to an authorization group are not protected against display and execution.

Security-related programs should, therefore, always be assigned to an authorization group.

Report RSCSAUTH can also be used to assign programs to authorization groups. This report is documented in detail.

Kind Regards

Eswar