Skip to Content
avatar image
Former Member

How to limit a report's output with display only access for few users?

Hi All,

We have a custom t-code developed in CRM for executing a report and its output gets displayed in a table. Now there is a business requirement to restrict the authorization for the table fields to only 'Display' for selected users. I have checked with the developers and they have not included any authority check in their code. Please let me know, if this can be controlled by using the standard auth objects or can we go for a customizing auth object? I have tried restricting the access using S_TABU_DIS and S_TABU_NAM and didn't work. Can someone please share your thoughts?

Thanks,

PD

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • Best Answer
    Nov 05, 2015 at 08:00 AM

    Hi

    If you have custom code you need to add authorization checks.

    Build in SAP code checks are executed when you call standard code (like function module) from your ABAP.

    Regards

    Przemek

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 05, 2015 at 09:12 AM

    Przemek is right, you should ask developer to modify their code to add the authorization check.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 03, 2015 at 08:58 AM

    Hi PD,

    Usually, authorization object S_ATBU_DIS and S_TABU_NAME is for table access.

    If you want to restrict the access to a report, you could package this report to a customized transaction, and only give users the authorization to transactions, but not SE38 to run the report.

    The action to directly access to SE37 and SE38 should be strictly restricted in production system.

    Best regards,

    Candy

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 05, 2015 at 08:40 AM

    for Custom tcode you have to use a authority check statement with sy-ucomm for restricting downloading and for standard tcodes you can restrict downloading by auth object S_GUI

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 19, 2015 at 02:51 PM

    Hi Preethi,

    The comments below have reason.

    If you want restrict by S_TABU_DIS or S_TABU_NAME, first, the developers needs add an Authority-Check in the corresponding user-exist/enhancement, etc of the required program.

    When the program have the authority-checks added andc work, you need add the authorization objects in your roles to restrict it for table names or authority groups.

    Best regard.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 10, 2015 at 04:10 AM

    Thank you all. We created a custom auth object and the developer included the auth check to the code and we got the desired result.

    Rgds,

    PD

    Add comment
    10|10000 characters needed characters exceeded