Skip to Content
avatar image
Former Member

P_GROUP Field in S_DEVELP Object?

Hi Experts,

When user needs a S_DEVELOP Object,provides the SU53 with P_Group as <dummy>.We also provides the user with S_Develop with P_GROUP as blank.Even P_GROUP field is blank, user is able to work.Then what is the purpose of P_Group field in S_Develop?

Kindly help me.

When I searched in Internet,I am not able to get enough information about P_GROUP field on S_DEVELOP Object.



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 10, 2009 at 12:35 PM

    You needn't search on S_DEVELOP for this but on <DUMMY>. The dummy value check actually means that the programmer in this case doesn't mind what the value of P_GROUP is. The other fields will have understandable values in the SU53. In some cases a programmer will construct an AUTHORITY-CHECK in such a way that none of the fields are checked for their contents. If you have the object in your role, with any values, the check is passed.

    To build a role which provides enough access for the dummy check but doesn't allow anything else you can fill the object field with two quotes around a space. If there's less room than three characters you can skip the space and finally the second quote.

    An example of dummy values:

    ' '

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member


      P_GROUP is a field in where you enter the auth groups related to the ABAP programs. Its not necessary that all the ABAP programs have auth groups assosiated with it, actually it all depends on how the coding is done.

      If auth groups are associated with ABAP programs then you need to assign them in S_DEVELOP and S_PROGRAM object (P_GROUP field) to give necessary authorization for execution of those ABAP programs, again it all depends on how the checks were configured in your code.

      To know what auth group (P_GROUP) is associated with a Tcode

      1- Go to SE93

      2- Enter the Tcode check for program associated with the Tcode.

      2- Go to SE38 enter this program name, click on attributes and the display.

      3 - Check out the Auth group field in the pop up.

      For more details information of these Auth groups you can refer to table TRDIR, TDGP or TDGPT.

  • avatar image
    Former Member
    Oct 10, 2009 at 12:37 PM


    Actually, the process needs authorization on S_DEVELOP object to complete the process. the p_Group fields is part of S_DEVELOP and not required any authorization as you stated above p_GROUP <dummy>


    Anwer Waseem

    SAP NetWeaver

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 10, 2009 at 05:59 PM

    p_group in s_program is used for submitting the report, protecting variant maintenance, scheduling it in a background jobstep, etc. So, it is for using the report.

    p_group in s_develop is used for the development environment of the report, such as maintaining text elements, navigation in where-used-lists, changing the report attributes - which include the authorization group itself.

    If an auth group has been set via report RSCSAUTH, then it implies an intention to use it for S_PROGRAM control in SA38, SM37, etc. S_DEVELOP works better using packages and object types in my opinion.

    If you attempt to change the auth group via SE38, SE80 etc when it has already been set from RSCSAUTH, then the system will warn you. But you can accept the warning and create an inconsistency for a while... rather always use RSCSAUTH for both when making changes.

    S_PROGRAM is more usefull for you to use the group in security, but S_DEVELOP is stronger. Please be carefully with all aspects of object S_DEVELOP.



    Add comment
    10|10000 characters needed characters exceeded