https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180489#M757222 <HTML><HEAD></HEAD><BODY><P>Creata a custom TRX for teh program and assign that to a role.</P><P>This is not the only, but the most secure solution, as one should not allow access to SA/SE38 in prodcution</P></BODY></HTML> Thu, 13 Dec 2007 11:06:38 GMT Former Member 2007-12-13T11:06:38Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180488#M757221 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I need to generate a role which restrict users access only to execute one Z program in SA38.</P><P></P><P>Can someone let me know if there's a specific authorization object ?</P><P></P><P>Many thanks,</P></BODY></HTML> Thu, 13 Dec 2007 10:18:58 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180488#M757221 Former Member 2007-12-13T10:18:58Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180489#M757222 <HTML><HEAD></HEAD><BODY><P>Creata a custom TRX for teh program and assign that to a role.</P><P>This is not the only, but the most secure solution, as one should not allow access to SA/SE38 in prodcution</P></BODY></HTML> Thu, 13 Dec 2007 11:06:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180489#M757222 Former Member 2007-12-13T11:06:38Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180490#M757223 <HTML><HEAD></HEAD><BODY><P>Thank you but do you think there's another way to do that ?</P></BODY></HTML> Thu, 13 Dec 2007 12:42:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180490#M757223 Former Member 2007-12-13T12:42:54Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180491#M757224 <HTML><HEAD></HEAD><BODY><P>In PFCG you can assign a program to the role menu &amp; SAP will generate a tcode for it.</P><P></P><P>Some may suggest putting an auth group on the program and controlling by giving access to only that auth group in object S_PROGRAM. Unfortunately your user will still be able to execute 10's of thousands of other executable programs which are not assigned to auth groups. Even though there are security checks in most of the dangerous ones, it's not worth it in my opinion.</P><P></P><P>All said &amp; done I would take Auke's approach as that is accepted "best practice" in this area.</P></BODY></HTML> Thu, 13 Dec 2007 13:44:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-access-to-only-one-program/m-p/3180491#M757224 Former Member 2007-12-13T13:44:50Z