Skip to Content
avatar image
Former Member

Authorization of Report Painter GRR3


Kindly help me to restrict our users on Tcode GRR3 for Report Painter.

There are number of reports under Report >>> Library.

on authorization at PFCG I created a role and has only one tcode GRR3. under this there are four objects

Report Writer: Report

Report Writer: Libaray

Report Writer: Report Group

how I restrict users at this to define authorization group ???? is this work able.



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Aug 19, 2009 at 02:44 PM

    Check in SU24 for the objects associated with tcode GRR3. You may want to change the check indicator to check/maintain to bringin that authorization object into PFCG role maintenance.

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Asim,

      Check Indicator for Authorization Object:

      indicates, if the object will be checked. Of course the auhtority-check must be started in the coding. Please refer to :

      Authorization Proposal (Status):

      Values, which will be inserted automatically into pfcg as proposal when entering the t-code in the roles menu.

      The first 2 a.m. columns represent the su24-data (used for pfcg), row 3 and 4 represent the su22-data(SAP-values as fallback).

      The authority-check has to be triggered in the coding! Simply adding in SU24 does not lead to a check. The abap-docu for the statement authority-check is rather worth reading...

      b.rgds, Bernhard

  • avatar image
    Former Member
    Aug 23, 2009 at 09:42 AM

    Hello AJ,

    Do you want ti restrict for certain reports? whihc fall under library?

    or u want to club them to a report group and that group can execute ceratin reports only?.


    Prasant K Paichha

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 25, 2009 at 11:08 AM


    For tcode GRR3, I found one object E_CS_RPTNG (Reporting using Report Writer/Painter and Drilldown Reports) check whether it is check/maintained in SU24 if yes go ahead and maintain it as check and disable it at role level and if this object is not present then check object G_800_GRP (Report Writer: Report) and maintain activity 03 at role level or try by disabling it.

    Hope this will work.


    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 28, 2009 at 01:24 PM

    I think there are a coupleof ways to do this


    Go to GRR3, check the report(s) that is(are) to be executed. Check the hierarchial assignment of the report(i mean check the Report group & Library they are under)

    based on the above information, you can make restriction on the following objects:

    G_800_GRP (For the actual report itself)

    G_801K_GLB (For the report Library)

    G_803J_GJB (For the report group)


    an alternate but somewhat tricky way to do this could be, For the user who needs the access/restriction check the roles that have the object S_PROGRAM , make sure that there is no (*) value in this.

    Give free access to GRR3, without any specific restriction. BUt in the role that has S_PROGRAM - give access to only those program authorization groups that are shown for the reports to be executed

    I think i made it too complex. OK.......if the user needs to run schedule 10 reports, go to GRR3 go the report he needs to execute, check the program behind - go to SE38, RSCSAUTH execute, check the authorization group of the program - make your restriction of program execution (S_PROGRAM) based on this

    hope it helps 😊

    Add comment
    10|10000 characters needed characters exceeded