SAP® Documentation

Single view

ABAPCALL_TRANSACTION_AUTH_OBS - CALL TRANSACTION AUTH OBS

Vendor Master (General Section)   Vendor Master (General Section)  
This documentation is copyright by SAP AG.
SAP E-Book

CALL TRANSACTION - Obsolete

Short Reference



Obsolete Syntax

CALL TRANSACTION ta $[AND SKIP FIRST SCREEN$]
                  $| $[ USING bdc_tab ...$].


Effect

Neither of the additions WITH$|WITHOUT AUTHORITY-CHECK are specified in this variant of the statement CALL TRANSACTION. In this case, the content of the database table TCDCOUPLES specifies whether automatic authorization checks are made or not.

If the current transaction code and the called transaction code appear as a pair in the columns TCODE and CALLED of the database table TCDCOUPLES and if the database field OKFLAG of this row has the value "X", the same authorization checks are performed as when the addition WITH AUTHORITY-CHECK is specified. If this is not the case, no check takes place.

The entries in the database table TCDCOUPLES can be defined in transaction SE97. The entry in the column MAINTFLAG controls the program behavior if the authorization is missing (see the documentation of the data element TCDCOUPMSG).

The obsolete behavior described here for the authorization check can be overridden by the hidden profile parameter auth/check/calltransaction. This profile parameter is not provided as standard but it can be created manually. The following table shows the value combinations - value in OKFLAG in TCDCOUPLES (first column) and value of existing profile parameter (first row) - for which an authorization check is performed.

 0123
"X"-xxx
"N"-x--
" "-x-x

The last row also describes the behavior for when TCDCOUPLES does not contain a corresponding entry. Value 2 for the profile parameter is the standard behavior.

The security tests in the extended program check ignore both the content of the database table TCDCOUPLES and the hidden profile parameter auth/check/calltransaction. These tests always produce an error if neither of the additions WITH$|WITHOUT AUTHORITY-CHECK is specified and if no preceding authorization check is made by calling the function module AUTHORITY_CHECK_TCODE or the statement AUTHORITY-CHECK.

Notes

  • The function module AUTHORITY_CHECK_TCODE is also controlled by the content of the database table TCDCOUPLES. It checks the associated authorization objects only if the database field OKFLAG in TCDCOUPLES has the value "X" or is empty. If the field has the value "N", the function module does not perform a check. If the authorization is to be checked regardless of the table entries, the statement AUTHORITY-CHECK needs to be used.
  • The association between automatic authorization checks on entries in a database table and a hidden profile parameter is very prone to errors. For this reason, this form of the statement CALL TRANSACTION is obsolete. If possible, one of the additions WITH AUTHORITY-CHECK or WITHOUT AUTHORITY-CHECK should be used.
  • In releases where the additions WITH AUTHORITY-CHECK or WITHOUT AUTHORITY-CHECK did not yet exist, the recommendation was that the authorization check be performed before the transaction was called using the function module AUTHORITY_CHECK_TCODE or the statement AUTHORITY-CHECK. Here, the function module AUTHORITY_CHECK_TCODE also has a dependency on the database table TCDCOUPLES (the statement AUTHORITY-CHECK does not). The security tests in the extended program check continue to accept preceding checks of this nature but in new programs the additions should be used.





ABAP Short Reference   General Data in Customer Master  
This documentation is copyright by SAP AG.

Length: 7524 Date: 20191215 Time: 141700     sap01-206 ( 38 ms )

Our Service

Looking for Support? Questions?

The

Consolut

Callback-Service

Leave us your contact details and we will call you back. Panels marked with * are mandatory.