Skip to Content
author's profile photo
Former Member

Security problem with BEx reports ?

Hi,

This is my first post on the sdn !

We have, what seems to be, a security problem with our online BW reports. When the user is logged, he could access to an authorized report. Ok ... but, in the url he can replace the technical name of the query (if he knows one of them) and access to an unauthorized report, because I think the authentification phase is just done one time, but I can be mistaken.

How could I solve this problem ? with "Logon Procedure" options in the SICF transaction, when I click on sap > bw > BEx ?

Any help will be appreciated !

Thanks,

JW.

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    Oct 11, 2007 at 05:20 PM

    Sir,

    It depends on where you placed the query. SICF is NOT the right transaction.

    It's either SU01 or PFCG depending on ow your security guy set you up.

    You can go to SU53 after he gets the security violation and see the results.

    Hope that helps you.

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    Oct 11, 2007 at 05:24 PM

    Dear John,

    This is completely authorization issue, Please take advice of basis administrator. Explain him all the problem. Surely u problem is answerable.

    Regards,

    Siddhardh

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    Oct 12, 2007 at 07:10 AM

    Hi,

    Thanks for our replies. I will ask to an administrator about this security problem, now I know it depends of a security parameter.

    But I would know if it could be possible to hide the technical name of the query in the url. It could improve the security level of our reports in a first time in this way.

    Thanks a lot,

    JW.

    Add comment
    10|10000 characters needed characters exceeded