This is in continuataion to the previous question.
a user is assigned with tcode SA38.how to restrict him to
execute only a few reports,say rsusr003.If you're going to
modify the role(having sa38) assigned to the user,that will
affect other users also because that role might be assigned
to multiple users.I don' want that to happen.so what is the
solution?
Answers were Sorted based on User's Feedback
Answer / shanu
In that case you need to create and assign authorization
group to report rsusr003. you can also create tcode for
this report and assign it to user in separate role.In the
new role maintain the object S_PROGRAM with specific auth
group.
No need to remove the SA38 from role.
Just make sure the SA38 role should restricted the access
got object S_PROGRAM. It should not be '*'.
Program Check (Object – S_PROGRAM, Values – Execution and
the authorization group).
Is This Answer Correct ? | 5 Yes | 0 No |
Answer / naveen kumar
The question is bit logic, you have to create a new role
with tcode SE38 and in authorization object S_DEVELOP the
activities DEVCLASS '*'
OBTYPE '*'
OBNAME ' RSUSR003'
p_group '*'
activity '03'
Is This Answer Correct ? | 5 Yes | 1 No |
Answer / ratnadeepika
Hey guys , One more solution is there .
Go to SE93 ...create a new tcode for eg : ZSA38 .
with the option Transaction with parameters option ...
In the main screen Tcode field give SA38 as tcode ...and u
will find 'DEFAULT VALUES" ...Add the entry
Name of the screen field : RS38M-PROGRAMM
Value : RSUSr003 save . If u want u can add some more
values .
Give this Tcode access to the user u want to restrict .
Try it and let me know if u are facing any problems . Mail
me for screenshots .
Is This Answer Correct ? | 0 Yes | 0 No |
Hi,
In that case you need to create a new role for such users.
Remove the SA38 role.
Create a new role with the required reports and assign the
role to the user.
Thus user will loose access to SA38 and get direct access
to required reports eg rsusr003.
Regards,
Subal
Is This Answer Correct ? | 0 Yes | 1 No |
How will you delete the user in sap security SU01
what is your ticketing tool? can we give some details about how we are getting tickets
What is the parameter in security audit log (sm19) that decides the number of filters?
what is hypercare and go live support?
Does s_tabu_dis org level values in a master role gets reflected in the child role?
what is the difference between se16 and se16n ?
What is the difference between User group in LOGON DATA tab and user group in GROUPS tab in SU01 t code?
How do you check background jobs?
Q5) What is the procedure you follow in your company as a security admin when a end user complains that he is unable to perform or execute an action in a particular tcode?
What profile versions?
SAP GRC 10.0
What is the differences between AGR_1251 and AGR_1252?