Downtime Announcement: Please note that SAP Community Wiki will be unavailable due to a system upgrade on Tuesday, August 11th between 7 and 11 AM CEST
Skip to end of metadata
Go to start of metadata

Authorization objects are composed of a grouping of fields. The values in these fields will be used in authorization check. There can be a maximum of 10 fields defind on an authorization object.

 Basically we use this authoirzation objects to check whether the user is having an authoirzation to run perticular transaction.  We assign authorization objects to a role with specific ACTVT type. For example a user is authorized only to view, other could be authorized to modify and so on.    IF your userid not attached to specific role than contact your basis team to resolve the problem by sending SU53 screen shot.

AUTHORITY-CHECK is the statement used in an ABAP Program to perform an authorization check against an authorization obect.  This statement will return sy-subrc is 0 if user has required authorization otherwise will return code will be other than Zero.  Each return code will have different meaning.

Example:   8 - User has to authorization.

                  12 - Too many parameters  etc.,


STEP1:  goto  SU21 transaction and create a new Authorization Object

Object Name:  Z.....

Text:  ...........



STEP2:  Give authorizatin fields as

ACTION - Action of the Authorization

Activity -  Document Destribution.

STEP3:  Basis will create a role using transaction  PFCG and assign this authorization object to that role.

STEP4:  Call the AUTHORITY-CHECK Object in your code.

 AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.

IF sy-subrc 0.
MESSAGE e000(zzpp) WITH 'No Authorization'.

  • No labels

1 Comment

  1. Hello Suresh,

    Need to change following:

    Example:   8 - User has to authorization.  --> Need to change to  Example:   8 - User has no authorization.

    Also need to change IF sy-subrc 0. --> IF sy-subrc is not initial.

     IF sy-subrc is not initial.

         MESSAGE e000(zzpp) WITH 'No Authorization'.