cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

limit download to local for some t.code

Former Member

on ‎06-02-2008 5:28 AM

0 Kudos

dear all,

we want to limit our user access to save to local file by means of authorization. we have done it via authorization object S_GUI, but this is valid for all t.codes in the role. our problem is, we only want for specific t.codes from all t.codes assigned to role.

say user A having role ZSAP_ABC which lists tcode SM37, SP02, SU3 and SBWP. we only want to restrict download to local only for tcode SM37, but not for any others t.codes without separating this t.code into two new tcodes (say ZSAP_ABC_download and ZBC_ABC_no_download)

is this possible ? how we can do that ?

thank you

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎06-26-2008 2:16 PM
0 Kudos

Hi,

You are not able to restrict through S_GUI is because it is having only one field-Activity. So we are not able to restrict in Tcode level. My suggetion is to create another Auth Object with two fields, one for Tcode and one for Activity and assign the Tcode which needed to be downloaded there. Add this object to the role. In this case only one role is sufficient. No need to assign S_GUI.

I think this solves your problem

Regards,

Prabhu K

Show replies
Show replies
Former Member
‎06-28-2008 4:50 AM
0 Kudos

hi Prabhu,

donwload to local file can be done in many ways :

- hit button export from screen

- using menu path : system > list > save > local file

etc.

all of them (both SAP standard or Z-program) is linked with authorization object S_GUI to be able to download to local file. if we follow your suggestion, must we change all SAP standard program and Z-program in which S_GUI exist ?? ... and replacing S_GUI with the new authorization object made ??

not an implementable solution, but anyway thank your for your suggestion

rgds,

Alfonsus Guritno

Former Member
‎06-02-2008 9:29 AM
0 Kudos

hi,

lets take a look for this simple example :

1. we have role Z_ABC consist of MM01, MM02, MM03, SP02 and SM37. All authorization object related to this five transaction codes have been defined correctly.

2. now we want to restrict, only SP02 and SM37 is allowed to be downloaded to local.

3. then you say we have to assign downloadable t-codes (SP02, SM37) into role Z_ABC_DL and un-downloadable t-codes (MM01, MM02, MM03) into role Z_ABC_NO_DL (separated)

4. then we assign authorization object S_GUI (full authority) to Z_ABC_DL in order to allow t-codes able to be downloaded. (roles Z_ABC_NO_DL is left without object S_GUI assigned)

5. from point 4 we have temporary conclusion that Z_ABC_DL (SP02 and SM37) is able to download, and Z_ABC_NO_DL (MM01, MM02, MM03) is unable to download, right ?

6. then we assign this two roles (Z_ABC_DL and Z_ABC_NO_DL) into the same user, say user ADMIN.

7. from point no.6, t-codes that should not be able to be downloaded by ADMIN become able to be downloaded because of the existence of objects S_GUI. When executing MM03, and download to local, it will checks the authorization object S_GUI for user ADMIN from available roles (Z_ABC_DL and Z_ABC_NO_DL) - and BANG! object S_GUI (prerequisities of download data to local) is found in one role : Z_ABC_DL.

not a good idea, right ?

rgds,

alfonsus guritno

Edited by: Alfonsus Guritno on Jun 2, 2008 3:50 PM

Show replies
Show replies
Former Member
‎06-02-2008 7:00 AM
0 Kudos

Hi Alfonsus,

Yes you can do, go in pfcg and select this profile. In the said profile you can give access only for view for sm37.

Regards,

Anil

Show replies
Show replies
Former Member
‎06-02-2008 6:16 AM
0 Kudos

Hi

yes it is possible.

Using PFCG assign particular roles.

Assign particular tcodes to the role specified like download and not download roles and assign the users and do comparision, which solves your problem.

Regards

Bhaskar

Edited by: bhaskar1818 on Jun 2, 2008 10:46 AM

Show replies
Show replies
Ask a Question