Parameters of the Authority Handler Method

 

The authority handler method has the following parameters:

KEYS

• Keys of the affected entity instances
• Typed with derived data type TABLE FOR AUTHORIZATION KEY

 

Requested_authorizations

• Can be used to only perform requested checks (performance optimization)
• Contains flags for requested basic operations (create, update, delete) and actions
• Possible values are the components of constant IF_ABAP_BEHV~MK
• Components depend on behavior definition
• Typed with derived data type STRUCTURE FOR AUTHORIZATION REQUEST

 

Result

• Contains a table of instance keys and flags for basic operations and actions
• Possible values are the components of constant IF_ABAP_BEHV~AUTH
• Type depends on behavior definition
• Typed with derived data type TABLE FOR AUTHORIZATION RESULT

 

Example: Instance Authorization Check

 

The code example shows the implementation of an instance base authority check. The check itself is done with the ABAP statement AUTHORITY-CHECK.

 

First, the method uses importing parameter keys, to read the data of all entity instances for which the authority check is to be performed.

 

It then performs the authorization check for each data set (entity instance) in turn. If the user does not have the requested authorization, the logic adds a row to parameter result that contains the key of the entity instance and flags for the disallowed operations.