How to adapt authority-checks in reports

NOTE OCTOBER 2006

How to adapt authority-check in reports

The procedure concerning the integration of an authority check
to an ABAP/4® report is  basically as described.
In this example a SAP standard program is copied
into the customer name space, and modified to
meet the company specific needs.

1. Copy the SAP Standard program into
the customer name space:
The original program is the report RSUSR003,
the name of the copy in this case e.g. is ZZ_RSUSR003.

2. The entry of a developer key is required as long
as you are not registered with a corresponding
entry in the table DEVACCESS.

3. To validate whether an authority check
already exists you may search for the string
“authority-check” within the source code
of the report copy. (CTRL + F)




Via double click you will directly branch into the corresponding line
within the source code.


In this case the original authority-check is changed,
but of course you may add or even create a complete
different authority check:

AUTHORITY-CHECK OBJECT 'S_USER_GRP'
        ID 'ClASS' FIELD 'AUDIT'
        ID 'ACTVT' FIELD '01'.
   IF SY-SUBRC NE 0.
*   041 Keine Berechtigung zum Anlegen von Benutzergruppe &
      MESSAGE E041(01) WITH '  '.
    endif.

In this case the authority-check based on the object S_USER_GRP
is changed. It is checked if the user has an authorization to
create [01] for the user group "AUDIT".

Execute the syntax check, and save the modifications.
Activate the report. After that the report is successfully changed.

If the user has no corresponding authorizations
[S_USER_GROUP with CLASS “AUDIT” and ACTVT “01”
he will now get the following message:




If you want to integrate another object for the authority check,
you can enter the syntax accordingly, like in the next example
with the object F_BKPF_BUK:

* Berechtigung zur Pflege des Buchungskreises
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'ACTVT' FIELD '01'
        ID 'BUKRS' FIELD '1000'.
   IF SY-SUBRC NE 0.

You may also add a user message to the source code
as in the example before.

Now the user will need a corresponding authorization
on F_BKPF_BUK to execute the adapted report.