Reg authority check

Similar Messages

• Reg:Authority Check object

  Dear All,
  I am calling two authority check object M_MATE_MAR  and M_MSEG_BMB in my report.
  Now for a user if i see the Role the second object  M_MSEG_BMB is maintained and the object M_MATE_MAR is not maintained.
  Now in my program for the object M_MATE_MAR(as it is not maintained),my sy-subrc is returning 12,hence check faing and for
  M_MSEG_BMB sy-subrc = 4 as check is failng.
  My requirement is the user should not see some movement types irrespective of the material ,
  If i pass a material in the selection screen report , movement type records are deleting fine along with that others are alos deleting becs of sy-subrc <> 0(sy-subrc = 12).so i get a blank report as output.
  so wht should be done in my case.
  Regards

  Hi Rajendra,
  When you hit F1 on the Authority-check,
  If Sy-subrc = 4, Authorization check not successful. One or several authorizations were indeed found for the authorization object in the user master record and they include the value sets, but not the values specified, or incorrect or too many authorization fields were specified.
  If Sy-subrc = 12, No authorization was found for the authorization object in the user master record.
  When Sy-subrc = 24, Incorrect authorization fields or an incorrect number of authorization fields was found. This return value is no longer set since Release 6.20. Up to Release 4.6 it is set only if the profile parameter "auth/new_buffering" has a value less than 3.
  When sy-subrc = 40, An invalid user ID has been entered in user.
  Hope it helps.
  Sujay

• Help reg  authority-check

  Hi all,
  can anyone explain what this statement does.
  authority-check object 'Z_Abc_def'
    id 'ZAbc_defI' field '*'.
  Thanks in advance

  Check the sap provided help:
  here is an excerpt:
  AUTHORITY-CHECK
  Basic form
  AUTHORITY-CHECK OBJECT object
      ID name1  FIELD f1
      ID name2  FIELD f2
      ID name10 FIELD f10.
  Effect
  Explanation of IDs:
  object
  Field which contains the name of the object for which the authorization is to be checked.
  name1 ...
  Fields which contain the names of the
  name10
  authorization fields defined in the object.
  f1 ...
  Fields which contain the values for which the
  f10
  authorization is to be checked.
  AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
  You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
  The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
  If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
  If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
  The return code value changes according to the different error scenarios. The return code values have the following meaning:
  4
  User has no authorization in the SAP System for such an action. If necessary, change the user master record.
  8
  Too many parameters (fields, values). Maximum allowed is 10.
  12
  Specified object not maintained in the user master record.
  16
  No profile entered in the user master record.
  24
  The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
  28
  Incorrect structure for user master record.
  32
  Incorrect structure for user master record.
  36
  Incorrect structure for user master record.
  If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
  Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
  Note
  Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
  The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
  Example
  Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
  Table OBJ: Definition of authorization object
  M_EINF_WRK
     ACTVT
     WERKS
  Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
  M_EINF_WRK_BERECH1
     ACTVT 01-03
     WERKS 0001-0003 .
  can display and change plants within the Purchasing and Materials Management areas.
  Such a user would thus pass the checks
  AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
      ID 'WERKS' FIELD '0002'
      ID 'ACTVT' FIELD '02'.
  AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
      ID 'WERKS' DUMMY
      ID 'ACTVT' FIELD '01':
  but would fail the check
  AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
      ID 'WERKS' FIELD '0005'
      ID 'ACTVT' FIELD '04'.
  To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK.
  Regards,
  ravi

• Reg: webservice - authority check failed

  hi friends
  i have created a Webservice for FM- BAPI_COMPANYCODE_GETLIST  . after creating that i have tested in the case then i found a error that
  "An error has occurred. Maybe the request is not accepted by the server :  Authority check failed "
  what are the necessary authority checks has to be done.
  Thanks & Regards
  suman

  Hi,
  Which WAS should it be the I configured. The ESA or our own?
  I have configured our own WAS as described in the tutorial. Here I tried to set up the username and password and I was able to send the request.
  But I'm just accessing the test system and it is there I get the error.

• Authority Check on B_USERSTAT not working

  Hi Gurus,
  I have a simple question on authority check that I cant quite understand.
  Basis has created auth key : ZWP_CCS, where by user with the auth key can create,change, delete.
  so, in my code, I have implemented the following. However, it seems that all user, even though from different auth key can still pass thru. Is there something that I miss? Thanks.
      AUTHORITY-CHECK OBJECT 'B_USERSTAT'
               ID 'ACTVT' FIELD '02'
               ID 'BERSL' FIELD 'ZWP_CCS'
               ID 'STSMA' FIELD 'ZS_IRC'.
  Edited by: Julius Bussche on Jan 1, 2009 1:32 PM
  More meaningfull subject title added.

  Hi
  use without qoutes if it is a variable .
  AUTHORITY-CHECK OBJECT 'B_USERSTAT'
  ID 'ACTVT' FIELD '02'
  ID 'BERSL' FIELD ZWP_CCS
  ID 'STSMA' FIELD ZS_IRC.
  and
  if sy-subrc <> 0.
  message " error ".
  endif.
  reg
  Ramya
  Edited by: Ramya S on Dec 31, 2008 5:43 AM

• Authority check on WAD with testuser-id in SingleSignOn-Environment

  Hello,
  i want to check some changes i have made in rsecadmin.
  i want to proof the changes with our testuser-id (xy_test).
  the problem is, that i want to check the changes in an Webapplication (WAD) in a SSO-Envirnoment.
  Everytime i open the link to the specific Webappliction the system is login in with my user-id (xy).
  I have no idea how to logon with the credentials of my testuser.
  Anyone some ideas?
  every hint is wellcome
  best regards
  Oliver

  Hi
  use without qoutes if it is a variable .
  AUTHORITY-CHECK OBJECT 'B_USERSTAT'
  ID 'ACTVT' FIELD '02'
  ID 'BERSL' FIELD ZWP_CCS
  ID 'STSMA' FIELD ZS_IRC.
  and
  if sy-subrc <> 0.
  message " error ".
  endif.
  reg
  Ramya
  Edited by: Ramya S on Dec 31, 2008 5:43 AM

• Authority check at field level in sales order

  Dear all, our business requirement is the following:
  only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
  This means that for an order of sales group 'A':
  a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannnot see the prices but can change the order, a user of sales group 'C' can display the order but cannnot see the prices.
  I ask you if such a scenario can be realized in SAP.
  We currently run SAP ECC 5.0.
  thx all !
  bye Roberto

  Hi agree with Jan and Auke,
  To my knowledge it is object V_KONH_VKO which you are looking for. See the documentation in SU24 - SD class.
  But whether or not that will influence the visibility / editability of the screen in VA02 etc when turned the check on in SU24, I am not sure.
  If not, search the forum for topics relating to "transaction variants", "variant transactions" and "screen variants" to see whether those solutions will fulfill the requirement.
  Cheers,
  Julius

• Authority check on Creation of Purchase order usin badi BBP_ITEM_CHECK_BADI

  hi all,
  i have to apply authority checks on creation of Purchase order and shopping cart in SRM using badi BBP_ITEM_CHECK_BADI.
  i have applied checks on creation of shopping cart   using this badi which have some filters but how to apply on purchasing order using BBP_ITEM_CHECK_BADI.

  hi,
    You can use the BBP_DOC_CHECK_BADI.
  BR,
  Disha.
  Pls rewar points for useful answers.

• ALV GRID and AUTHORITY-CHECK

  Hi all !!! 
  I'm using the ALV Grid control with checkboxes and I want to control if the actual user have the appropriate authorization to check/uncheck them.
  In the AUTHORITY-CHECK call, I want to make the authorization test on the "DEPARTMENT" of the user (from Table USER_ADDR or SU01).
  For example :
  DEPARTMENT AA1 --> check/uncheck OK
  DEPARTMENT AA2 --> check/uncheck NOT OK
  DEPARTMENT AA3 --> check/uncheck OK
  ... etc.
  How can I do ? Create an new authorization object/field ?
  PS : it's the first time I'm using AUTHORITY-CHECK..

  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. 
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object> 
     ID <authority field 1> FIELD <field value 1>. 
     ID <authority field 2> FIELD <field value 2>. 
     ID <authority-field n> FIELD <field value n>. 
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  Example ;
  REPORT  EXAMPLE MESSAGE-ID Z1.
  TABLES: USR02.
  PARAMETERS: LOCK AS CHECKBOX, LISTLOCK AS CHECKBOX.
  DATA: UFLAGVAL TYPE I, LOCKSTRING(8) TYPE C.
  ---- Authorization check -
  AUTHORITY-CHECK OBJECT 'ZPROG_RUN' ID 'PROGRAM' FIELD SY-CPROG.
  IF SY-SUBRC <> 0.
    IF SY-SUBRC = 4.
      MESSAGE E000 WITH SY-CPROG. "some message about authorization check failure
    ELSE.
      MESSAGE E005 WITH SY-SUBRC. "some message about authorization check failure
    ENDIF.
  ENDIF.
  IF LISTLOCK = 'X'.
    WRITE:/ 'List all locked users: '.
    SELECT * FROM USR02 WHERE UFLAG = 64.
      WRITE: / USR02-BNAME.
    ENDSELECT.
    EXIT.
  ENDIF.
  IF LOCK = 'X'.
    UFLAGVAL = 64.                       "lock all users
    LOCKSTRING = 'locked'.
  ELSE.
    UFLAGVAL = 0.                        "unlock all users
    LOCKSTRING = 'unlocked'.
  ENDIF.
  SELECT * FROM USR02 WHERE BNAME <> 'SAP*' AND BNAME <> SY-UNAME.
    IF USR02-UFLAG <> 0 AND USR02-UFLAG <> 64.
      WRITE: 'User', USR02-BNAME, 'untouched; please handle manually.'.
      CONTINUE.
    ENDIF.
  check that user has authority to make these changes
    AUTHORITY-CHECK OBJECT 'S_USER_GRP'
        ID 'CLASS' FIELD USR02-CLASS
        ID 'ACTVT' FIELD '05'.
    IF SY-SUBRC <> 0.
      IF SY-SUBRC = 4.
        WRITE: /'You are not authorized to lock/unlock user ',
          USR02-BNAME, USR02-CLASS.
      ELSE.
        WRITE: /'Authorization error checking user ',
               USR02-BNAME, USR02-CLASS, '(return code', SY-SUBRC, ').'.
      ENDIF.
    ELSE.                                "has authority
      UPDATE USR02 SET UFLAG = UFLAGVAL WHERE BNAME = USR02-BNAME.
      WRITE: / 'User', USR02-BNAME, LOCKSTRING, '.'.
    ENDIF.

• Company code authority check

  Hi
  we have created ZTTL01 table maintenance view. Should not allow unauthorized company code to update/create or display.
  I searched thru forums and collected below points. but could not test it successfully.
  Authorization object (Z_XXX_BUK) was created.But <Permitted activities> Button is not available in display authorization object(SU21) to see what are the activities are permitted.
  In su01 for my user no roles or profiles are defined.
  To do
  Trying to write  below code in PBO and PAI flow logic of ZCHECK_BUK table for screen 01
  PBO & PAI
  *First statement
  Module Authorictycheck.
  module Authoritycheck
    LOOP AT EXTRACT.
      AUTHORITY-CHECK OBJECT 'ZCHECK_BUK'
                          ID 'ACTVT' FIELD '01,02,03'
                          ID 'BUKRS' FIELD ZTTL01-BUKRS.
      IF sy-subrc <> 0.
        MESSAGE e000(zrpt) WITH 'You do not have the authorization to'
      EXIT.                          'access Bukrs'extract-bukrs.
      ENDIF.
    ENDLOOP.
  endmodule
  Can i use above code in PBO and PAI to check change of company code?
  I am sharing role and profile created by other user, which allows only company code 'A10'.
  How to test this now?
  se11->Utilities->table contents create should not allow me to input A11 or other company codes? pls confirm.
  Regards
  Chandra

  Hi Suhas
  Regarding 1) It works when i remove the FORM routine assinged for EVENTS.
  Thanks for ur input.
  Regarding 2)When the user displays record in SM30 for a table, he must not be able to see the company code AD01.
  To achieve this can i use EVENT AA?
  I create FORM routine <hide_cocode> in EVENT AA and store at include LZXXXXF01.
  FORM ZHIDE_COCODE.
  DATA: F_INDEX LIKE SY-TABIX."Index to note the lines found"
  LOOP AT TOTAL.
  READ TABLE EXTRACT WITH KEY <vim_xtotal_key>.
  IF SY-SUBRC EQ 0.
  F_INDEX = SY-TABIX.
  ELSE.
  CLEAR F_INDEX.
  ENDIF. "(make desired changes to the line TOTAL)
  MODIFY TOTAL.
  CHECK F_INDEX GT 0.
  EXTRACT = TOTAL.
  MODIFY EXTRACT INDEX F_INDEX.
  *ENDIF.
  ENDLOOP.
  SY-SUBRC = 0.
  ENDFORM.
  I made break point at line LOOP at Total. and executed SM30 and clicked Display button.
  Sorry Code stops here and table TOTAL has flat line structure of empty.Loop at total is skipping
  what should be done now?
  Regards
  Chandra

• Authority check on company code

  Hi ,
        How i need to check whether the company codes in an internal table is having creation access to the particular user or not ?.
       In authority check what is  ACTVT - 01,02,03  signifies ??
  Thanks in adv.
  varma

  LOOP ...
  AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
  ID 'BUKRS' FIELD T_COMP_CODES-BUKRS
  ID 'ACTVT' FIELD '01'.
  IF SY-SUBRC <> 0.
  move  w_COMP_CODES-bukrs to (itab1).
  ENDIF.
  AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
  ID 'BUKRS' FIELD T_COMP_CODES-BUKRS
  ID 'ACTVT' FIELD '02'.
  IF SY-SUBRC <> 0.
  move  w_COMP_CODES-bukrs to (itab2).
  ENDIF.
  ENDLOOP.
  Hence segregating all the Company codes as per the authorization.

• Authority check in hr payroll infotype report

  Hi all,
  We have developed a report which gives infotypewise employee details.here we are checking authority for reading employee data.we are applying authority check at selection-screen and while reading the data from database tables.following is the sample code.
  do .
  if  s_abkrs-high < s_abkrs-low.
      authority-check object 'P_PCR'
                id 'ABRKS' field s_abkrs-high
                id 'ACTVT' field '01'
                id 'ACTVT' field '02'.
      if sy-subrc <> 0.
        message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
      endif.
  exit.
  endif.
      authority-check object 'P_PCR'
                id 'ABRKS' field s_abkrs-low
                id 'ACTVT' field '01'
                id 'ACTVT' field '02'.
      if sy-subrc <> 0.
        message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
      endif.
    s_abkrs-low = s_abkrs-low + 1.
  enddo.
  my senior says this code is right but it is not checking authority for all infotypes.can anyone suggest what changes are required in this code so that it will check authority for all infotypes.
  Thanks in advance.
  Regards,
  Harshada

  Hi ,
        A select-option will have a structure with four fields (sign , option , low , high) .
        So if you want to use your below code : you cannot check authority.
  loop at s_abkrs.
  authority-check object 'P_PCR'
  id 'ABRKS' field s_abkrs  <-- is an internal table
  id 'ACTVT' field '01'
  id 'ACTVT' field '02'.
  if sy-subrc 0.
  message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
  endif.
  endloop.
  The other option is :
  If your select option has values only in low ... then you can loop thru it ...
  loop at s_abkrs.
  authority-check object 'P_PCR'
  id 'ABRKS' field s_abkrs-low
  endloop.
  Regards,
  Srini.

• Reg:Single Check for Multiple Vendors

  Hi Experts,
  I want to Issue a Single check for all vendor open items...
  For this is I created one Group Key and assigned in the vendor master record, but while doing the payment separate check issuing for each vendor,
  any idea

  Hi,
  Can you check the below thread of urs.
  [Reg:Single Check for Multiple Vendors]
  In addition to the above, please make sure that in OBVU, the check box separate payment for each ref is deselected for your questioned comapny code.
  You would have continued your earlier thread instead, rather than a new thread.
  Thanks,
  Srinu

• Web Service Homepage: Authority check failed

  Dear Colleagues,
  I have created a Web Service and now I want to test it via its Web Service Homepage (TA WSADMIN). The Homepage is displayed correctly, but testing leads to an error:
  Authority check failed
  Are there any prerequisites I maybe do not accomplish?
  (I tested a very similar web service in another system, and there it works)
  Here are some more information about my service:
  - Service was build with Web Service Wizzard out of a function module
  - Here you can see the conversation resulting of the test:
  POST /sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003 HTTP/1.1
  Host: bsl8011.wdf.sap.corp:50073
  Content-Type: text/xml; charset=UTF-8
  Connection: close
  Cookie: <value is hidden>
  Cookie: <value is hidden>
  Authorization: <value is hidden>
  Content-Length: 381
  SOAPAction: ""
  <?xml version="1.0" encoding="UTF-8" ?>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Body>
  <ns1:Z_TEST_WS_CONFIG xmlns:ns1='urn:sap-com:document:sap:rfc:functions'>
  <INPUT>TEST</INPUT>
  </ns1:Z_TEST_WS_CONFIG>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  HTTP/1.1 500 Internal Server Error
  content-type: text/xml; charset=utf-8
  content-length: 363
  sap-srt_id: 20060404/125124/v1.00_final_6.40/1B0831447838C429E10000000A424016
  server: SAP Web Application Server (1.0;700)
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Body>
  <soap-env:Fault>
  <faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>
  <faultstring xml:lang="e">Authority check failed</faultstring>
  </soap-env:Fault>
  </soap-env:Body>
  </soap-env:Envelope>
  The WSDL-Document looks as follows:
  <?xml version="1.0" encoding="utf-8"?><wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><wsdl:types><xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified"><xsd:simpleType name="char60"><xsd:restriction base="xsd:string"><xsd:maxLength value="60"/></xsd:restriction></xsd:simpleType><xsd:element name="Z_TEST_WS_CONFIG"><xsd:complexType><xsd:sequence><xsd:element name="INPUT" minOccurs="0" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element><xsd:element name="Z_TEST_WS_CONFIGResponse"><xsd:complexType><xsd:sequence><xsd:element name="OUTPUT" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element></xsd:schema></wsdl:types><wsdl:message name="Z_TEST_WS_CONFIG"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIG"/></wsdl:message><wsdl:message name="Z_TEST_WS_CONFIGResponse"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:message><wsdl:portType name="Z_TEST_Q73_CONFIG_WS"><wsdl:operation name="Z_TEST_WS_CONFIG"><wsdl:input message="tns:Z_TEST_WS_CONFIG"/><wsdl:output message="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:operation></wsdl:portType><wsdl:binding name="Z_TEST_Q73_CONFIG_WSSoapBinding" type="tns:Z_TEST_Q73_CONFIG_WS"><soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/><wsdl:operation name="Z_TEST_WS_CONFIG"><soap:operation soapAction=""/><wsdl:input><soap:body use="literal"/></wsdl:input><wsdl:output><soap:body use="literal"/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="Z_TEST_Q73_CONFIG_WSService"><wsdl:port name="Z_TEST_Q73_CONFIG_WSSoapBinding" binding="tns:Z_TEST_Q73_CONFIG_WSSoapBinding"><soap:address location="http://bsl8011.wdf.sap.corp:50073/sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003"/></wsdl:port></wsdl:service></wsdl:definitions>
  Can anyone help me, I have no Idea
  Message was edited by: Hans-Peter Bauer

  The message server defined in the SAP-Logon is us4278.wdf.sap.corp
  But the url of the web service starts with  http://us4185:58500/wsnavigator/jsps/explorer.jsp?description=WebServiceZ_TEST_Q73_CONFIG_WS
  But I think that's not the problem, is it? As I mentioned above the test page can be shown, but the after filling in the input parameters an pressing send, there appears the authorisation error.
  For better illustration I made some screenshots for you:
  1) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_OVERVIEW.gif
  2) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_INPUT_FORM.gif
  3) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_reqest_response.gif
  What can be wrong, if the error "n0:FailedAuthentication" appears?
  Regards,
  Peter
  Message was edited by: Hans-Peter Bauer

• How to use the AUTHORITY-CHECK in ABAP

  I am a security guy but am trying to understand how the AUTHORITY-CHECK works. I have read the help on it but it doesn't answer to my understanding. I want a check in a report so that no matter what the user selects the program goes out and checks the authorization in the users master record and only displays what he has access to. I am sure this is basic but I am not a programmer.
  Thanks

  Hi Greg,
    Basically a AUTHORITY-CHECK is a programmatic way to check a auth object a user has.  This is only as good as the person writing the code makes is.
  Here is a basic example of how it could work.  Lets say you have auth objects for users that limit them to see company code. User A can see cc 10, User B can see cc 20 and user C can see both.
  In the code the programmer would have to first do the authcheck to see what CC the user has access to.  Then they would have to limit his reporting based on the results of the authority check.  So they might do it by saying SELECT * FROM XYZTAB WHERE COMPANY CODE = AUTHCC
  This is what I think you are looking for.  There are other ways to use the auth check.  You can do a check and end the program with a message if they don't have authorization. 
  If you need more info, let me know
  John