Checking logged users' permissions by comparing their name to a hardcoded string can create security vulnerabilities. It prevents system administrators from changing users' permissions when needed (example: when their account has been compromised). Thus system fields ``++SY-UNAME++`` and ``++SYST-UNAME++`` should not be compared to hardcoded strings. Use instead ``++AUTHORITY-CHECK++`` to check users' permissions.


This rule raises an issue when either of the system fields ``++SY-UNAME++`` or ``++SYST-UNAME++`` are compared to a hardcoded value in a ``++CASE++`` statement or using one of the following operators: ``++=++``, ``++EQ++``, ``++<>++``, ``++NE++``.


== Noncompliant Code Example

----
IF SY-UNAME = 'ALICE'. " Noncompliant
ENDIF.

CASE SY-UNAME.
WHEN 'A'. " Noncompliant
ENDCASE.
----


== Compliant Solution

----
AUTHORITY-CHECK OBJECT 'S_CARRID' 
  ID 'CARRID' FIELD mycarrid.
IF sy-subrc <> 0. 
  MESSAGE 'Not authorized' TYPE 'E'. 
ENDIF. 
----


ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]