Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

I want to revoke rights so users cannot schedule periodic jobs

Former Member

‎12-05-2007 12:38 PM

0 Kudos

We do encourage users to run reports in Background but we want to prevent them from scheduling periodic jobs.

We want to have more controll over periodic jobs as we observed that users schedule them and then forget about them.

Morover this has become our audit recommendation.

As far as I can see there is no standard way to do it.

Has anyone managed to achieve it?

3 REPLIES 3

Former Member

‎12-05-2007 2:39 PM

0 Kudos

Hi..

while searching for the answer i have seen following interesting point.chk whether this will help you..

A job is eligible to start when both of the following are true:

The start condition specified for the job is met.

The job has been released to run.

No job can be run until it has been released, even those scheduled to start immediately. To monitor and control what jobs are submitted to run in background processing, the system can be configured so an administrator can check jobs before releasing them to run.

The release requirement can also be turned off on a per-user basis. Trusted users can be given a special authorization (authorization object S_BTCH_JOB (Batch Processing: Operations on Batch Jobs), value RELE) which will automatically and immediately release any job scheduled by that user.

http://help.sap.com/saphelp_nw2004s/helpdata/en/20/2d513897110872e10000009b38f889/content.htm

thank you

<b><removed_by_moderator></b>

Former Member

‎12-05-2007 3:47 PM

0 Kudos

There is no standard authority check for scheduling a job as periodic job. I propose 2 different ways to manage the problem:

1. Enhance the SAP-Standard program ( function group BTCH, Dynpro 1010 ). For example: suppress input-possibility of field BTCH1010-PERIODIC in Modul pbo_1010 if the user has not special rights (S_BTCH_ADM).

2. Control the jobs, e.g. with table TBTCO via se16.

Former Member

‎12-05-2007 5:38 PM

0 Kudos

Kudos for starting standards for future auditing.

I agree and you definitely do not want users creating batch jobs [SM36]. Basis should be the one creating the jobs with whatever variant requirements the functional folks needed. You should also do this with a system user ID and not a person's ID. Why? When that person leaves and the account is invalidated all the jobs are going to bomb!

I suggest to just give the users SM35 & SMX. If you have to give them SM37, restrict them down to the reports/logs they can see, ie [ZFI-RPT*, for let say FI reports]. Remember if some of these reports are HR sensitive data anybody with SM37 full access can get all the SSN or worst paycheck info.on the report.

Let me know if you want me to go into detail on the SM37 restrictions.

Good Luck!