topic Re: SE38 for 2 programs in DevOps and System Administration Forum

SE38 for 2 programs

former_member643677 — Thu, 28 Jan 2021 13:43:51 GMT

Hi All,

My users run SE38 only to execute these programs:

RFVD_CHK_REMOVE_CLEARING

RFVD_CHK_POSTED_RECORDS_VDBEPI

Can you please guide me , how can I restrict the access to those programs?

thanks

José

Re: SE38 for 2 programs

jmodaal — Fri, 29 Jan 2021 07:31:32 GMT

Hello,

you can create a "Report transaction" in SE80 for each of the programs. Then assign authorization to the report transaction(s) to the users and withdraw SE38 / SA38 authorization.

Re: SE38 for 2 programs

former_member643677 — Wed, 10 Feb 2021 20:13:11 GMT

Does anyone know how to do this by using authorization Objects?

Re: SE38 for 2 programs

S_Sriram — Thu, 11 Feb 2021 07:00:15 GMT

Hi Jose.

As rightly said by Jan, from the stand program, creat the new Z-transaction code with the help of ABAPer, assign the same transactions to business users, in that you will get the authorization objects.

Regards

Re: SE38 for 2 programs

jmodaal — Thu, 11 Feb 2021 07:29:02 GMT

Hello,

as the proposal is about replacing the report execution via SE38 with a report transaction the authorization object is S_TCODE.
For offering program RFVD_CHK_REMOVE_CLEARING in a transaction create a report transaction in SE80.

Then create a role using transaction PFCG, add S_TCODE with the name of the report transaction to the role. Assign this role to the user(s) who should be allowed to execute the program. Finally withdraw the authorization for SE38 / SA38 from the user(s).

There might be some other authorization objects coming up (S_PROGRAM as well as maybe some authorization objects required during the execution of the program RFVD_...). An authorization trace (ST01 or STAUTHTRACE) can discover all of them.