https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182831#M757799 <HTML><HEAD></HEAD><BODY><P>Notice: user parameters can be set by the user itself (transaction SU2 / SU3).</P><P>Therefore, user parameters are definetly not suitable for access control purposes.</P></BODY></HTML> Thu, 20 Dec 2007 08:55:09 GMT Wolfgang_Janzen 2007-12-20T08:55:09Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182827#M757795 <HTML><HEAD></HEAD><BODY><P>I am trying to find out if I can utilize user parameters to secure reports. The client has a large display only reporting finance role that they now want to split up into different profit centers. First thought is of course, derived roles but there are 106 different profit centers. Is there any other alternative? Is there a way to use the user parameters? The business owner brought this possibility up and I thought i would research as i have never tried that before.</P><P></P><P>Thanks in advance for any help</P></BODY></HTML> Wed, 19 Dec 2007 18:50:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182827#M757795 Former Member 2007-12-19T18:50:32Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182828#M757796 <HTML><HEAD></HEAD><BODY><P>Hi Joe,</P><P></P><P>Technically, we cannot restrict security using parameters. The only thing that parameters do is show default data in selection screens.</P><P></P><P>A user can always change the default data.</P><P>I think the right way would be the to build roles with proper access.</P><P></P><P>-Abhishek</P></BODY></HTML> Wed, 19 Dec 2007 19:54:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182828#M757796 Former Member 2007-12-19T19:54:46Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182829#M757797 <HTML><HEAD></HEAD><BODY><P>Hi Joe, </P><P></P><P>PID's are on occasion used in some forms of security but I really would not recommend this approach. There are a few reasons for this, first and foremost it is not using the standard SAP security mechanism. Secondly, users are typically able to amend their PID's - you may want to block this access but who will maintain PID's after that? Thirdly you will need to do some customisation of any standard reports to make this work.</P><P></P><P>Profit Centre security is always going to give you large numbers of variants. Depending on the risk associated with this data you may want to look at rolling it up to cost centre group and creating fewer variants. If you want to go down the derived role for each profit centre route then you can script the role derivation via catts or ecatts and that just leaves a data population exercise.</P></BODY></HTML> Wed, 19 Dec 2007 19:59:41 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182829#M757797 Former Member 2007-12-19T19:59:41Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182830#M757798 <HTML><HEAD></HEAD><BODY><P>basically, all has been said, conclusion PID is not for securing access, as it is opening to much possible leaks</P></BODY></HTML> Thu, 20 Dec 2007 06:42:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182830#M757798 Former Member 2007-12-20T06:42:01Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182831#M757799 <HTML><HEAD></HEAD><BODY><P>Notice: user parameters can be set by the user itself (transaction SU2 / SU3).</P><P>Therefore, user parameters are definetly not suitable for access control purposes.</P></BODY></HTML> Thu, 20 Dec 2007 08:55:09 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182831#M757799 Wolfgang_Janzen 2007-12-20T08:55:09Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182832#M757800 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>You can consider to create a organizational role. This means that you create a role with only the object(s) that make the difference with the value you want. In the specific roles you inactivate the same object of give it dummy values. Be aware that this extra maintenance and asks extra discipline and is not vanilla sap, but a solution. </P><P></P><P>have fun </P><P></P><P>Jan van Roest</P></BODY></HTML> Thu, 20 Dec 2007 14:03:48 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182832#M757800 Former Member 2007-12-20T14:03:48Z https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182833#M757801 <HTML><HEAD></HEAD><BODY><P>thank you all for the helpful responses.</P></BODY></HTML> Thu, 20 Dec 2007 14:18:39 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-with-user-parameters/m-p/3182833#M757801 Former Member 2007-12-20T14:18:39Z