one tcode,say sa38, is assigned to 10 diffrent users
through a same role.I want to restrict one of those 10
users to execute only a few reports in sa38 but not all
reports.what are the possible ways of getting it done?
Answers were Sorted based on User's Feedback
Answer / jeevansukka
if we make changes to the exisiting role, then access will
be changed to the rest of the users also,hence as per my
knowledge, the best way is to maintain a seperate role to
restrict the access and provide it the user, who has to be
restricted.
Is This Answer Correct ? | 32 Yes | 2 No |
Answer / vikas srivastava
Report can be secure by authorization object S_PROGRAM
S_PROGRAM has two field P_Action and P_Group
P_Action cab have these values:
SUBMIT: Start the program
BTCSUBMIT: Schedule the program to run as a background job
VARIANT: Maintain variants.
P_Group requires authorization group which is attached to
report by this way we can restrict a report to access.
Is This Answer Correct ? | 3 Yes | 0 No |
Answer / rax
Hi all,
Generally all roles (containing t-codes) are planned and
created depending on an individuals position (ex- sales mgr)
during implementation. So, the above situation never arises.
According to me this question is just to know the
interviewee's knowledge....
For this particular scenario the answer would be ....
The end user to access reports or programs he needs to have
access to authorization object S_PROGRAM. So,we first
manually add this authorization object to his existing role.
This object has an authorization field called AUTHORIZATION
GROUP in which we can maintain all programs or reports he
has to be given access to....
Is This Answer Correct ? | 3 Yes | 4 No |
what does user compare do in sap security?
how many authorizations creates one user ?
Plz can anybody share ur work experience on Mitigating conflicts using SoDs with GRC tools or without GRC (thankful if examples r provided)
what is the process to find that one consultant had removed a table from sap tables
1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13)
a user is not able to execute a t-code ; hou do u solve that ? wat are the difft reasons that might be existing ?
What is the User Administration and Role Assignment in CUA.
i need to give authorisation to a user to su01 tcode but the delete options should not work..i,e the user should be able to Create,disp,change etc but not delete on su01. how cam i do this?
You wan to transport user groups from transaction sugr? Would this impact the groups tab in su01? What would you do?
What is Use Of SM35P and SM35 , Is there any difference between these two ?
Explain sap system transactions?
What is the maximum number of authorization in an object?