Users authorizations and their maintenance is an essential part of a successful SAP implementation. The R/3 system provides all authorization objects and checks to test whether users have access to system functions. However, many SAP R/3 installations are customized to suit business requirements. SAP customers may add new functions and development objects to further system capabilities. When such customization is done, it is important to include authorization checks for custom developed objects and transactions. One of the best ways of doing this is by programming the authorization check using ABAP standard statement "AUTHORITY CHECK". Below are the steps to configure the ABAP authority check statement in customized programs.

1. The first step is to define and create authorization fields for the new authorization test. The authorization fields contain values which will be tested by the program.

2. Second step is to define the authorization object containing newly defined authorization fields. Once this is done, the authorization object needs to be assigned to an object class. SAP recommends to assign custom authorization objects to custom authorization object classes. This is normally done by using the letters "Y" or "Z" to distinguish SAP pre-defined classes.

3. The final step is to program the checking of the authorization using the ABAP AUTHORITY-CHECK standard statement.

Related Posts

Authorization Description Profile Name SAP ECC
Composite Authorization Profiles SAP R3
SQL Trace in SAP R/3
Defining Password Rules in SAP