This is in continuataion to the previous question.
a user is assigned with tcode SA38.how to restrict him to
execute only a few reports,say rsusr003.If you're going to
modify the role(having sa38) assigned to the user,that will
affect other users also because that role might be assigned
to multiple users.I don' want that to happen.so what is the
solution?
Answer Posted / shanu
In that case you need to create and assign authorization
group to report rsusr003. you can also create tcode for
this report and assign it to user in separate role.In the
new role maintain the object S_PROGRAM with specific auth
group.
No need to remove the SA38 from role.
Just make sure the SA38 role should restricted the access
got object S_PROGRAM. It should not be '*'.
Program Check (Object – S_PROGRAM, Values – Execution and
the authorization group).
Is This Answer Correct ? | 5 Yes | 0 No |
Post New Answer View All Answers
How do I change the name of master / parent role keeping the name of derived/child role same? I would like to keep the name of derived /child role same and also the profile associated with the child roles.
What are pfud t-codes used for?
Give an example of SOD with object level control & also decide the Risk implication from the Technical standpoint.
Authorization check on s_btch_job failed. What would happen now?
What are some ap security t codes?
Can you explain secure store and forward?
What is the main purpose of parameters, groups & personalization tabs?
How can sap security be improved?
what is the different b/w su10 and su12
Differentiate between saml token profile and a sap logon ticket
Explain secure store and forward?
what is authorization object and authorization object class?
Please also send me details about CRM 5 and CRM 7 security issues and scenarios.
Can you explain protecting public keys?
how to do Reporting and Analysis authorizations