11-05-2015 10:50 AM
hi,
we want user to only execute report 'ZABC" only in the system. i know we can restrict this by giving S_DEVELOP with PROG and actvt 03 and 16 and program name as object name. But my security team is not comfortable with giving S_DEVELOP. is there any authorisation object that we can use to restritct user run only specific report.
thanks,
sankar.
11-05-2015 11:34 AM
Create a new transaction code for this report, and don't give them SE38 or S_DEVELOP at all.
Steve.
11-05-2015 11:33 AM
11-05-2015 11:34 AM
Create a new transaction code for this report, and don't give them SE38 or S_DEVELOP at all.
Steve.
11-05-2015 1:50 PM
Sankar,
I completely agree with Steve's recommendation, and to add on to that, going forward I strongly suggest security code reviews, or at a minimum, getting input from someone in the organization who has a solid grasp of the authorization concept and controls in SAP, before the security model and controls environment is compromised by developers who understand neither. If there is no such person on the project/ on staff, training and/or hiring is in order.
Gretchen
11-06-2015 4:22 AM