Authorization

Posted: July 27, 2013 in Magento

Critical data and parts of the functional scope of an SAP system must be protected from unauthorized access. With authorization checks in a program, a user can access only what he or she is authorized for.
Authorization objects are defined within object classes.
When defining an authorization object, specify the appropriate fields without values. Then create the actual authorizations by subsequently assigning values to these fields. These authorizations can be integrated into the required user master records by means of authorization profiles.
Several different authorizations can be created for one authorization object.
Authorization check principle:-
At runtime, use the AUTHORITY-CHECK statement to check whether the current user has the authorization required for executing the function in his or her user master record. If SY-SUBRC = 0, the user is permitted. Defining and implementing authorization checks is the responsibility of the developer.
Defining and designing authorizations, profiles and user master records is the responsibility of the administrator.
Creation:-
Define the structure of the authorization concept. An object usually consists of the ACTVT (activity) field and one other field, which specifies the data type to be protected. The values of these authorization fields specify what the user is authorized to do.
Use SU20 to create fields.
Use SU21 to create the object class and then create fields.
If the object contains the ACTVT field, maintain the permitted activities with reference to the object.
Table TACT contains all possible activity codes, including their descriptions.
Table TACTZ contains the activity codes that are permitted for specific objects.
If you do not want to carry out a check for a field, either do not enter it in the AUTHORITY-CHECK statement or enter DUMMY as the field value:
" CARRID is not checked (DUMMY); only ACTVT '02' is checked.
AUTHORITY-CHECK OBJECT 'S_CARRID'
  ID 'CARRID' DUMMY
  ID 'ACTVT' FIELD '02'.
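
The check principle and the DUMMY option described above, as an added example that is not part of the original post: a coarse gate using DUMMY, followed by a per-row check on the real CARRID value, with every non-zero SY-SUBRC treated as a denial. The report name z_auth_check_demo is hypothetical, and the example assumes the SAP flight demo table SPFLI is available and that activity 03 (display) is permitted for S_CARRID.

```abap
REPORT z_auth_check_demo. " hypothetical report name

DATA: lt_spfli TYPE STANDARD TABLE OF spfli,
      ls_spfli TYPE spfli.

START-OF-SELECTION.

  " Coarse gate: does the user hold any display authorization (ACTVT 03)
  " for S_CARRID? DUMMY skips the CARRID field, so this alone does NOT
  " prove access to a particular carrier.
  AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' DUMMY
    ID 'ACTVT'  FIELD '03'.
  IF sy-subrc <> 0.
    " Fail closed: any non-zero return code means "not permitted".
    MESSAGE 'No display authorization for object S_CARRID'
      TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  " Assumption: flight demo data (table SPFLI) exists in this system.
  SELECT * FROM spfli INTO TABLE lt_spfli.

  LOOP AT lt_spfli INTO ls_spfli.
    " Fine-grained check: the same object, now with the row's carrier,
    " so the values in the user's authorization are actually compared.
    AUTHORITY-CHECK OBJECT 'S_CARRID'
      ID 'CARRID' FIELD ls_spfli-carrid
      ID 'ACTVT'  FIELD '03'.
    IF sy-subrc <> 0.
      CONTINUE. " skip rows the user may not display
    ENDIF.

    WRITE: / ls_spfli-carrid, ls_spfli-connid,
             ls_spfli-cityfrom, ls_spfli-cityto.
  ENDLOOP.
```

AUTHORITY-CHECK only sets SY-SUBRC and does not stop the program, so a check whose return code is never evaluated protects nothing.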
