4

I've been a Java developer having a limited knowledge about ABAP.

While trying to understand the SAP Authorization concept, I came across the terms Authorization Objects and an Object Class.

Now as per my understanding of Object Oriented concepts, an Object is a run time instance of a Class.

So I'm a bit confused with the term ABAP Objects and an Object Class.

Can someone please answer my following questions:

  1. What is the meaning of the term "Object Class" in ABAP?

  2. What does Authorization Object mean? Since objects are created at run time, how can we create an object at design time?

Any replies will be of great help.

Sandra Rossi
  • 11,934
  • 5
  • 22
  • 48
n_g
  • 3,315
  • 8
  • 25
  • 29

1 Answers1

4

Well, I've found this nice link which explains very well the concepts.

The main idea is: in SAP, you will hear the term "class" and "object" being used a lot. They don't mean anything like the concepts from OO. An authorization class is just a general description of "what you're allowed to do", whereas an authorization object is a more particular description of that.

Authorization objects can be used programmatically to check if a user has the right to "x"... and as a DEV, you can forget to check for them, which can cause security issues :).

Mike
  • 14,010
  • 29
  • 101
  • 161
vlad-ardelean
  • 7,480
  • 15
  • 80
  • 124
  • 2
    This is mostly correct, just please forget about the "authorization class is just a general description of what you're allowed to do" part. Authorization classes are there to group the authorization objects by application area so that you don't have to browse a poorly sorted list of thousands of auth objects. That's about all, there's no deeper meaning in it. – vwegert Aug 18 '12 at 14:01
  • @vlad-ardelean - Thanks for the reply and the link. So, does this mean that an authorization class is just a container for several authorization objects. Is this always the definition of an object and a class in ABAP? – n_g Aug 18 '12 at 15:48
  • @vwegert - Thanks a lot for the reply! I would also like to know your opinion on the above question which I've asked to vlad-ardelean. – n_g Aug 18 '12 at 15:50
  • 1
    @n_g: No, these are just names for stuff. "Small Permission Stuff definitions" and "Folders For Small Permission Stuff Definitions" don't sound too professional, so they named them "Authorization Objects" and "Authorization Class" instead. As vlad-ardelean said, don't try to read every "object" and "class" in the OO way. – vwegert Aug 18 '12 at 16:45
  • @vwegert - Thanks a lot for such a detailed explanation. You've been very helpful. – n_g Aug 18 '12 at 17:19
  • glad i could help. i'm a java guy too, just got into abap a couple months back, so i understand that some comcepts are weird at first... well, actually they keep being weird even as time goes on :) – vlad-ardelean Aug 19 '12 at 16:04
  • @vwegert - I've posted one more question related to this. It would be great if you can share you thoughts on it since I've got no replies till now. The question is at http://stackoverflow.com/questions/12067926/what-does-the-generate-authorization-process-do-and-what-is-a-profile – n_g Aug 22 '12 at 11:33
  • @vlad-ardelean - Could you also share your thoughts on this question of mine: http://stackoverflow.com/questions/12067926/what-does-the-generate-authorization-process-do-and-what-is-a-profile – n_g Aug 22 '12 at 11:53