Authorisation in SAP is managed using Authorisation Objects, which contain a list of authorisation fields (tcodes, programs, etc.) with the role(s) that are allowed to access them. These Authorisation Objects can be displayed and maintained using transaction code SU21 (Maintain Authorisation Objects).
You can use the User Information System (transaction code SUIM) to see existing roles and the authorisation objects that are associated with them. If you need to maintain roles, you can do so in Role Maintenance (transaction code PFCG).
You can check which role a specific user is assigned to on the Roles tab in User Maintenance (transaction code SU01). In this transaction, you can also reassign specific users to a certain role.
I recommend reading through the ‘Authorisation Concept’ help page on the SAP website, which details the approach to protection and security in SAP. I would also recommend this page on Authorisation Checks, which provides some background on how the SAP standard authorisation objects are organised.