11-03-2015 8:27 AM
Hi All,
We have a custom t-code developed in CRM for executing a report and its output gets displayed in a table. Now there is a business requirement to restrict the authorization for the table fields to only 'Display' for selected users. I have checked with the developers and they have not included any authority check in their code. Please let me know, if this can be controlled by using the standard auth objects or can we go for a customizing auth object? I have tried restricting the access using S_TABU_DIS and S_TABU_NAM and didn't work. Can someone please share your thoughts?
Thanks,
PD
11-05-2015 8:00 AM
11-03-2015 8:58 AM
Hi PD,
Usually, authorization object S_ATBU_DIS and S_TABU_NAME is for table access.
If you want to restrict the access to a report, you could package this report to a customized transaction, and only give users the authorization to transactions, but not SE38 to run the report.
The action to directly access to SE37 and SE38 should be strictly restricted in production system.
Best regards,
Candy
11-05-2015 8:00 AM
11-05-2015 8:40 AM
for Custom tcode you have to use a authority check statement with sy-ucomm for restricting downloading and for standard tcodes you can restrict downloading by auth object S_GUI
11-05-2015 9:12 AM
Przemek is right, you should ask developer to modify their code to add the authorization check.
11-19-2015 2:51 PM
Hi Preethi,
The comments below have reason.
If you want restrict by S_TABU_DIS or S_TABU_NAME, first, the developers needs add an Authority-Check in the corresponding user-exist/enhancement, etc of the required program.
When the program have the authority-checks added andc work, you need add the authorization objects in your roles to restrict it for table names or authority groups.
Best regard.
12-10-2015 4:10 AM
Thank you all. We created a custom auth object and the developer included the auth check to the code and we got the desired result.
Rgds,
PD