on 06-27-2006 1:03 PM
Hi Experts,
I have a question on security in ABAP program.
I have a ABAP program which has a transaction attached.
I have added authorization check in ABAP program(Progran level security).
I have also attached the authorization object to the transaction.(Transaction level security)
If an end user runs the transactionm, then which authorization check will fire first? Will it be transaction level?
If I have web enabled my ABAP program via SICF (in other words, ITS). Then when I try to run my ITS service in the browser will the transaction level authorization fire? or Will the program level authorization fire?
Please help me understand this security aspect.
Thanks
Gopal
<i>I have added authorization check in ABAP program(Progran level security).</i>
i assume you have coded call authority within the program.
<i>If an end user runs the transactionm, then which authorization check will fire first?</i>
if he calls the transaction, then first authorization attached to the transaction will be checked.
but if he executes the program attached to the transaction, then the authorization attached to the transaction dosent help here, the one coded in side the program is checked.
<i>If I have web enabled my ABAP program via SICF (in other words, ITS).</i>
it depends,
if you are calling your transaction like
webgui/?~transaction=<tcode> then first tcode level authorization.
if you generate the templates for the program and callign the same, then i guess its progam level. (i need to check this)
Regards
Raja
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.