Showing results for 
Search instead for 
Did you mean: 

ABAP program and organizational permissions

0 Kudos

Hi experts,

Small question to you for my better understanding.

Assuming that i have an authorization model based on Tcodes and Organizational levels, e.g:

Rola A, gives me permission to Tcode ABC and XYZ, without any organization levels

Role B, gives me permission to company code data 0001 and 0002.

Now i have a custom program which retrieves financial data. Do i need to perform an authorization check if any data retrieved by the program is from different company codes, <> 0001 and 0002, or the authorization model in place already takes care of that?

Thanks in advance.


Accepted Solutions (1)

Accepted Solutions (1)

Active Contributor
0 Kudos

It would be great if the authority checks could happen automagically but the reality is that you'll have to add the appropriate AUTHORITY-CHECKS statements yourself in ABAP.

The reasons for this are at least two:

  1. the core does not know which authorization object is appropriate for each situation, especially in cases where more than one could be used
  2. the core does not know where to gather the values from: should it match the fields by name? By type? From which variables or structures?

In a large organization you'll have dedicated security consultants telling you which objects to check against and which fields to compare, in smaller ones it is also possible that you'll have to figure it out yourself.

Answers (0)