A developer wrote a custom report. It uses some fields that are sensitive. I tell developer he must write AUTHORITY-CHECK into the code and then he asks me "ok... I will do that, but which authorization objects should I check?". Well both of us don't know how to find auth objects containing certain fields.
Best I can think of is searching USOBT table. if no match, search USOBT_C table. then if no match, conclude that no existing auth objects use that field. But is there a better way? maybe SE80 or some workbench tools?
Basically how do ABAP developers know which authorization objects need to be checked in a custom program/report?