The advantage of having functions such as 'Create Object', 'Read Object', 'Update Object' and 'Delete Object' in separate transactions is that it becomes a very simple matter to grant or deny access to individual functions simply by setting or unsetting a switch on the Menu database. This means that all security checking can be performed in the menu system before a transaction is activated rather than within the transaction itself after it has been activated.
The list of Transactions which a User is allowed to access is known an Access Profile, and is held on the MNU-TRAN-ACCESS table within the Menu database, as shown in Figure 1. Access Profiles are not created for individual Users, they are created for Security Classes. Each User must belong to one of these Security Classes, so by changing the Access Profile for a Security Class you effectively change the Access Profile for all Users of that Security Class.
Figure 1 - Database Structure
There are two ways of viewing and maintaining the contents of MNU-TRAN-ACCESS:
This Access Profile is used in two places:-