What checks does the SAP authorization tool perform when a transaction code, or TCODE, is executed in order to...
ensure that the user is an authorized user?
When initiating a transaction, a system program performs a series of checks to ensure that the user is authorized.
- The program checks whether the transaction code exists in table TSTC.
- The program checks whether the transaction code is locked by the administrator (transaction code SM01).
- The program checks whether the user has the authority to start the transaction. Authorization object S_TCODE (transaction start) contains the authorization field TCD (transaction code). The user must have the appropriate authorization for the transaction code to be started (for example, FK01, Create Vendor).
- The program checks whether an authorization object is assigned to the transaction code. If this is the case, the program checks whether the user has an authorization for this authorization object. The transaction code/authorization object assignment is stored in table TSTCA.
- The system performs authorization checks in the ABAP program using the ABAP statement Authority-Check.
Note: An SAP program controls steps 1-4. It displays an automatic message to the user if an authorization attempt fails in the step.
Dig Deeper on SAP Basis
Related Q&A from Farooq Ali
SAP BI/BW expert Farooq Ali discusses the differences in the use of SAP Software Deployment Manager (SDM) and SAP Java Support Package Manager (JSPM)... Continue Reading
Find out how resetting a transport buffer can help fix an error that occured during the installation of an SAPGUI patch. Learn how to avoid an ... Continue Reading
Find out how to set a default SAP BI client within an SAP Business Intelligence (BI) system. Learn how to run an SAP Basis TCode in a default SAP BI ... Continue Reading