ABAP program and organizational permissions

former_member614675
Discoverer

Hi experts,

Small question to you for my better understanding.

Assuming that I have an authorization model based on Tcodes and Organizational levels, e.g.:

Role A, gives me permission to Tcode ABC and XYZ, without any organization levels

Role B, gives me permission to company code data 0001 and 0002.

Now I have a custom program which retrieves financial data. Do I need to perform an authorization check if any data retrieved by the program is from different company codes, <> 0001 and 0002, or the authorization model in place already takes care of that?

Thanks in advance.

Regards

Accepted Solutions (1)


abo
Active Contributor

It would be great if the authority checks could happen automagically, but the reality is that you'll have to add the appropriate AUTHORITY-CHECK statements yourself in ABAP.

The reasons for this are at least two:

  1. the core does not know which authorization object is appropriate for each situation, especially in cases where more than one could be used
  2. the core does not know where to gather the values from: should it match the fields by name? By type? From which variables or structures?

In a large organization you'll have dedicated security consultants telling you which objects to check against and which fields to compare; in smaller ones it is also possible that you'll have to figure it out yourself.
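A sketch of such an explicit check in a custom report, added here as an example and not part of the original answer: it filters the selected company codes by authorization before any financial data is read. The report name, the choice of object F_BKPF_BUK with activity 03 (display), and BKPF as the data source are assumptions; which object and fields apply in your system is the decision the answer describes.

```abap
REPORT zfi_doc_list_demo. " hypothetical report name

DATA gv_bukrs TYPE bukrs.
SELECT-OPTIONS s_bukrs FOR gv_bukrs.
PARAMETERS p_gjahr TYPE gjahr OBLIGATORY.

START-OF-SELECTION.
  " Resolve the selection (possibly empty = all) to concrete company codes.
  SELECT bukrs FROM t001
    WHERE bukrs IN @s_bukrs
    INTO TABLE @DATA(lt_bukrs).

  " Keep only the company codes the current user may display.
  " Assumption: F_BKPF_BUK / ACTVT 03 is the object agreed for this data.
  DATA lt_allowed TYPE RANGE OF bukrs.
  LOOP AT lt_bukrs INTO DATA(ls_bukrs).
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
      ID 'BUKRS' FIELD ls_bukrs-bukrs
      ID 'ACTVT' FIELD '03'.
    IF sy-subrc = 0.
      APPEND VALUE #( sign = 'I' option = 'EQ' low = ls_bukrs-bukrs )
        TO lt_allowed.
    ELSE.
      WRITE: / 'Not authorized, skipped company code', ls_bukrs-bukrs.
    ENDIF.
  ENDLOOP.

  " An empty range table in WHERE ... IN matches every row, so the
  " program must stop here instead of running the SELECT unrestricted.
  IF lt_allowed IS INITIAL.
    WRITE: / 'No authorized company code in the selection.'.
    RETURN.
  ENDIF.

  " Read data only for the authorized company codes.
  SELECT bukrs, belnr, gjahr, budat FROM bkpf
    WHERE bukrs IN @lt_allowed
      AND gjahr = @p_gjahr
    INTO TABLE @DATA(lt_docs).

  LOOP AT lt_docs INTO DATA(ls_doc).
    WRITE: / ls_doc-bukrs, ls_doc-belnr, ls_doc-gjahr, ls_doc-budat.
  ENDLOOP.
```

With the roles from the question, a user holding only 0001 and 0002 gets documents for those two company codes even when the selection screen is left empty or names other codes.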
