Small question to you for my better understanding.
Assuming that I have an authorization model based on Tcodes and Organizational levels, e.g.:
Role A, gives me permission to Tcode ABC and XYZ, without any organization levels
Role B, gives me permission to company code data 0001 and 0002.
Now I have a custom program which retrieves financial data. Do I need to perform an authorization check if any data retrieved by the program is from different company codes, <> 0001 and 0002, or the authorization model in place already takes care of that?
Thanks in advance.
It would be great if the authority checks could happen automagically, but the reality is that you'll have to add the appropriate AUTHORITY-CHECK statements yourself in ABAP.
The reasons for this are at least two:
In a large organization you'll have dedicated security consultants telling you which objects to check against and which fields to compare; in smaller ones it is also possible that you'll have to figure it out yourself.
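A per-company-code check of the kind the answer describes, as an added example that is not part of the original thread. The report name is hypothetical, and the standard object F_BKPF_BUK (fields BUKRS and ACTVT) is an assumption; check against whichever object your security team assigns to this data.

```abap
REPORT z_fi_auth_demo.  " hypothetical report name (added example)

DATA: gv_bukrs   TYPE bukrs,
      lt_bukrs   TYPE STANDARD TABLE OF bukrs,
      lr_allowed TYPE RANGE OF bukrs,
      lt_docs    TYPE STANDARD TABLE OF bkpf.

SELECT-OPTIONS s_bukrs FOR gv_bukrs.

START-OF-SELECTION.
  " Resolve the selection screen input to concrete company codes.
  SELECT bukrs FROM t001 INTO TABLE lt_bukrs WHERE bukrs IN s_bukrs.

  LOOP AT lt_bukrs INTO DATA(lv_bukrs).
    " Assumed object: F_BKPF_BUK, activity 03 (display).
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
      ID 'BUKRS' FIELD lv_bukrs
      ID 'ACTVT' FIELD '03'.
    IF sy-subrc = 0.
      " Only authorized company codes reach the data selection.
      APPEND VALUE #( sign = 'I' option = 'EQ' low = lv_bukrs )
        TO lr_allowed.
    ENDIF.
  ENDLOOP.

  " An empty range in a WHERE ... IN clause matches every row,
  " so a user with no authorization must be stopped explicitly.
  IF lr_allowed IS INITIAL.
    MESSAGE 'No authorization for the selected company codes'
      TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  SELECT * FROM bkpf INTO TABLE lt_docs UP TO 100 ROWS
    WHERE bukrs IN lr_allowed.

  DATA(lv_count) = lines( lt_docs ).
  WRITE: / lv_count, 'document headers read'.
```

With Role B from the question, only rows for company codes 0001 and 0002 would be selected, whatever the user enters on the selection screen.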