01-05-2007 12:43 AM
The requirement is to restrict the execution of a report to only a certain group of users. So what I've done is create an authorization group for the report/program. How do I use the authority-check keyword to check for it?
Program: Z_MMRALV
auth. group: ZMMR
Note: This program is being called by another program (ZPROGA) so it should first check if user is authorized to use it. This check should be incorporated in the calling program.
AUTHORITY-CHECK OBJECT 'S_PROGRAM'
ID 'ZMMR' FIELD 'Z_MMRALV'.
Is this the correct way to do it?
01-05-2007 12:57 AM
It does not matter where you put it...i.e. in the calling program or in the actual program...as in both the places the check will be done and will stop the report if he is not authorised to execute.
- Guru
Reward points for helpful answers
01-05-2007 1:00 AM
Dear Jess
Please check the option we have in attributes of a program.
We can find field "Authorization Group" in attributes.
Below is extract from documentation:
Authorization Group
Authorization group to which the program is assigned.
The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:
Execute a program
--> Authorization object S_PROGRAM
Edit a program (-Include) in the ABAP Workbench
--> Authorization object S_DEVELOP
Programs that are not assigned to an authorization group are not protected against display and execution.
Security-related programs should, therefore, always be assigned to an authorization group.
Report RSCSAUTH can also be used to assign programs to authorization groups. This report is documented in detail.
Kind Regards
Eswar