Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

authorisation to execute report from SE38

former_member184741
Active Contributor
0 Kudos

hi,

we want user to only execute report 'ZABC" only in the system. i know we can restrict this by giving S_DEVELOP with PROG and actvt 03 and 16 and program name as object name. But my security team is not comfortable with giving S_DEVELOP. is there any authorisation object that we can use to restritct user run only specific report.

thanks,

sankar.

1 ACCEPTED SOLUTION

steverumsby
Active Contributor
0 Kudos

Create a new transaction code for this report, and don't give them SE38 or S_DEVELOP at all.

Steve.

4 REPLIES 4

abhishek_sehgal
Explorer
0 Kudos

S_program

steverumsby
Active Contributor
0 Kudos

Create a new transaction code for this report, and don't give them SE38 or S_DEVELOP at all.

Steve.

Former Member
0 Kudos

Sankar,

I completely agree with Steve's recommendation, and to add on to that, going forward I strongly suggest security code reviews, or at a minimum, getting input from someone in the organization who has a solid grasp of the authorization concept and controls in SAP, before the security model and controls environment is compromised by developers who understand neither. If there is no such person on the project/ on staff, training and/or hiring is in order.

Gretchen

0 Kudos

hi Gretchen,

I agree with you. thanks for your suggestion.

thanks,

sankar.