- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Execution of reports in batch
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Execution of reports in batch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2011 6:38 AM
Hello,
in a system there is a user TEST with no authorizations at all.
I used this user in a batch job which I created with SM36 and the report RSPFPAR with a variant to get a spool.
I executed this job and actually job finishes and the spool is created.
My own user has got all rights, so I can put every username in step of a job.
But I'm wondering that this job is executed with user TEST in step, which has no rights (no profiles, no roles).
I always thought authorizations are valid in background jobs too?
Where is my fault?
Regards,
Julia
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2011 8:37 AM
The precondition is to release the job --> S_BTCH_JOB action RELE. That was performed against your user ID, not TEST.
Then the program was executed in the step. The program does not make any authority-checks to display the parameters. Creating an own spool does not require any authorizations either.
It is only when run "online" via SAPGui that there is an optional check if you want to navigate into RZ11 from the output of the program.
This is however because of the program itself, and is nothing special about background processing.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2011 8:37 AM
The precondition is to release the job --> S_BTCH_JOB action RELE. That was performed against your user ID, not TEST.
Then the program was executed in the step. The program does not make any authority-checks to display the parameters. Creating an own spool does not require any authorizations either.
It is only when run "online" via SAPGui that there is an optional check if you want to navigate into RZ11 from the output of the program.
This is however because of the program itself, and is nothing special about background processing.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2011 10:23 AM
Thanks for your answer.
That means therefore:
if user has got authorization for releasing a job (S_BTCH_JOB ACTVT RELE) and even if he can only put his own username in step, he can use SM36 like SE38 for executing any report.
Is that right?
Regards,
Julia
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2011 11:26 AM
If TEST already is in the job step and the job is released, then important is who put TEST in there? That is you and your authority is checked.
If TEST wants to enter themselves into a (adhoc?) background job, then S_BTCH_JOB jobaction RELE is checked.
Yes, the ability to arbitrarily choose / change the program name in SM37 / SM36 is comparable to SE38 and other workbench transactions
This is however different to SA38 / parameter transactions of START_REPORT / SUB% shortcuts / etc. These are comparable to SMX (to display the programs) which can only have been executed from the application transaction (e.g. reporting) and not chosen arbitrarily.
This concept (actvt 16 for S_DEVELOP) was optional as an exit for a long time, and was recently introduced for programs as well as function modules, but not for methods yet to my knowledge. Here you can also control at the level of the name of the program.
Cheers,
Julius
- SAP Managed Tags:
- Security
