cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Question on security in ABAP program with ITS. Please help!

gopalkrishna_baliga
Participant

on ‎06-27-2006 1:03 PM

0 Kudos

Hi Experts,

I have a question on security in ABAP program.

I have a ABAP program which has a transaction attached.

I have added authorization check in ABAP program(Progran level security).

I have also attached the authorization object to the transaction.(Transaction level security)

If an end user runs the transactionm, then which authorization check will fire first? Will it be transaction level?

If I have web enabled my ABAP program via SICF (in other words, ITS). Then when I try to run my ITS service in the browser will the transaction level authorization fire? or Will the program level authorization fire?

Please help me understand this security aspect.

Thanks

Gopal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

athavanraja
Active Contributor
‎06-27-2006 1:30 PM
0 Kudos

<i>I have added authorization check in ABAP program(Progran level security).</i>

i assume you have coded call authority within the program.

<i>If an end user runs the transactionm, then which authorization check will fire first?</i>

if he calls the transaction, then first authorization attached to the transaction will be checked.

but if he executes the program attached to the transaction, then the authorization attached to the transaction dosent help here, the one coded in side the program is checked.

<i>If I have web enabled my ABAP program via SICF (in other words, ITS).</i>

it depends,

if you are calling your transaction like

webgui/?~transaction=<tcode> then first tcode level authorization.

if you generate the templates for the program and callign the same, then i guess its progam level. (i need to check this)

Regards

Raja

Show replies
Show replies
Ask a Question