Skip to Content
0

SE38 Authorization by Exclusions

Sep 25, 2017 at 07:38 PM

84

avatar image

I would like to create an authorization group for t-code SE38 - that excludes a handful of programs.

so for example it would give the user access to all SE38 reports - except the few listed.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
Colleen Hebbert
Sep 26, 2017 at 03:07 AM
0

Hi Shane

Each program would need to be in auth group. Read up on S_PROGRAM/S_PROGNAM authorisations

It might be more pain than worth. If you change auth groups on standard programs then you might have issues with your security access and have to go through to update SU24 for impacted transactions

Generally, avoiding SE38 being granted to users in production and then build custom transactions when you want to provide access as you won't know if you have excluded all critical/risk programs that you need to.

Regards

Colleen

Share
10 |10000 characters needed characters left characters exceeded
Shane Kelly Sep 26, 2017 at 03:35 PM
0

normally - I agree - except I'm the system administrator - so I need SE38. But our auditors don't want me running two specific programs that could delete audit logs. I'm not sure how else to do that.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

You could test running those programs to see if s_dataset for actvt 06 is also checked and make sure not assigned as extra check

1
Mohammed Rizwan Oct 11, 2017 at 03:34 PM
0

SE38 is very powerful Tcode, as you able to modify any program, Please go with SA38.

  • Give SA38
  • Map all programs to a Authorization groups
  • its a one time activity but will secure all standard and custom programs as well.
Share
10 |10000 characters needed characters left characters exceeded