Id ’actvt’ field ’02’.

Figure 106: Implementing Authorization Checks in Programs

In order to avoid spelling errors in object and field names, you should have the AUTHORITY-CHECK statement generated into your source code by means of the Pattern button. Following that, maintain the field values and implement the sy-subrc check.

Now ask the participants to carry out the exercise.

163 Exercise 10: Authorization Check

Exercise Duration: 20 Minutes

Exercise Objectives

After completing this exercise, you will be able to:

• Implement authorization checks

• Set up the program flow in a variable manner depending on the outcome of the authorization check

Business Example

Your ABAP programs have to be enhanced in such a way that the flight times of the airline specified by the user can be read and output only if the user has display authorization for the selected airline.

System Data

System: Will be assigned Client: Will be assigned User ID: Will be assigned Password: Will be assigned

Set up instructions: No special instructions when using a standard training

system

Task 1:

Check for display authorization for airlines

1. Copy your executable program ZBC400_##_SELECT_SFLIGHT

(solution of first exercise in lesson “Reading Database Tables”) or

the template SAPBC400DDS_SELECT_SFLIGHT to the new name

ZBC400_##_AUTHORITY_CHECK.

2. Check whether the current user has display authorization for the chosen airline before selecting the requested data from the database. To do so, use authorization object S_CARRID.

Hint: Use the relevant statement pattern in the ABAP Editor.

Determine the appropriate activity code for the value assignment for the ACTVT field.

3. Define a constant for the activity code to be used (suggested name: actvt_display; type assignment with data element ACTIV_AUTH). Use this constant in the authorization check.

Continued on next page

4. Execute the database access if the user has display authorization for the selected airline. If that is not the case, output an appropriate message as a list.

5. Execute your program with airline codes AA and UA.

Task 2:

Additional task for the authorization check

1. Copy your executable program ZBC400_##_SELECT_SFLIGHT_ITAB (solution of second exercise in lesson “Reading Database Tables”) or the template SAPBC400DDS_SELECT_SFLIGHT_ITAB to the new name ZBC400_##_AUTHORITY_CHECK_2.

2. Proceed as you did in the previous exercise.

Solution 10: Authorization Check

Task 1:

Check for display authorization for airlines

1. Copy your executable program ZBC400_##_SELECT_SFLIGHT

(solution of first exercise in lesson “Reading Database Tables”) or

the template SAPBC400DDS_SELECT_SFLIGHT to the new name

ZBC400_##_AUTHORITY_CHECK. a) Carry out this step as usual.

2. Check whether the current user has display authorization for the chosen airline before selecting the requested data from the database. To do so, use authorization object S_CARRID.

Hint: Use the relevant statement pattern in the ABAP Editor.

Determine the appropriate activity code for the value assignment for the ACTVT field.

a) See source code excerpt in the model solution.

3. Define a constant for the activity code to be used (suggested name: actvt_display; type assignment with data element ACTIV_AUTH). Use this constant in the authorization check.

a) See source code excerpt in the model solution.

4. Execute the database access if the user has display authorization for the selected airline. If that is not the case, output an appropriate message as a list.

a) See source code excerpt in the model solution.

5. Execute your program with airline codes AA and UA. a) Carry out this step as usual.

Task 2:

Additional task for the authorization check

1. Copy your executable program ZBC400_##_SELECT_SFLIGHT_ITAB (solution of second exercise in lesson “Reading Database Tables”) or the template SAPBC400DDS_SELECT_SFLIGHT_ITAB to the new name ZBC400_##_AUTHORITY_CHECK_2.

a) Carry out this step as usual.

2. Proceed as you did in the previous exercise.

Continued on next page

a) See source code excerpt in the model solution.

Result

Source code excerpt: SAPBC400DDS_AUTHORITY_CHECK

REPORT sapbc400dds_authority_check.

CONSTANTS actvt_display TYPE activ_auth VALUE ’03’.

DATA wa_flight TYPE sbc400focc. PARAMETERS pa_car TYPE s_carr_id.

* Authority Check: User authorized to read data of the specified carrier?

AUTHORITY-CHECK OBJECT ’S_CARRID’ ID ’CARRID’ FIELD pa_car