Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization Group???

Go to solution
Former Member

‎2008 Jun 02 11:58 AM

0 Likes
897

Hi,

Can anyone explain me about Authorization Group used protect program?how to create ? what is the purpose?

I'm totally confused !!!

Regards,

Naveen

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2008 Jun 02 2:50 PM

0 Likes
772

One thing to note - if you check table TRDIR - field SECU - which is the auth group for programs - and look for fields that are not blank, you will find that most of the programs are not secured with an auth group. So that might mean that you would have to populate this field for all programs if you use this method of securing programs. At last count I found only about 4300 programs secured out of 2.4 million on ECC.

4 REPLIES 4
Read only

Go to solution
Bernhard_SAP
Product and Topic Expert
Product and Topic Expert

‎2008 Jun 02 12:24 PM

0 Likes
772

HI,

the aim of the authorization group is to secure the access to a report.

It is used in the object S_PROGRAM.

Please have a look at [SAP Note 338177|https://service.sap.com/sap/support/notes/338177] for more information. I am sure, the online help will give also some inofmration....

b.rgds, Bernhard

....and also note # 7642....

Edited by: Bernhard Hochreiter on Jun 2, 2008 1:26 PM

Read only

Go to solution
Former Member

‎2008 Jun 02 2:50 PM

0 Likes
773

One thing to note - if you check table TRDIR - field SECU - which is the auth group for programs - and look for fields that are not blank, you will find that most of the programs are not secured with an auth group. So that might mean that you would have to populate this field for all programs if you use this method of securing programs. At last count I found only about 4300 programs secured out of 2.4 million on ECC.

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jun 02 3:27 PM

0 Likes
772

You should also restrict the program type to executable programs (TRDIR-SUBC = 1), then the ratio will change a bit...

@ naveen

As Bernhard has already mentioned, the programs should ideally have the correct authority-checks to use them (as opposed to start them) in the programs. S_PROGRAM, much like S_TCODE, is a bit of an all-or-nothing control. An exception is restricting access to variants for the reports via S_PROGAM of course, but for that there are also "protect" flags which can be set, like an editor-lock. See tcode VARCH.

There are also a handfull of programs which should not have S_PROGRAM authorization groups on them.

If you do not have access to SAP notes, the documentation on report RSCSAUTH will also help you. Choose the "Documentation" radio button in SE38. The execute option might not work for you, because of S_PROGRAM

Cheers,

Julius

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jun 02 8:33 PM

0 Likes
772

True - then it comes down to 50600, but still a pretty big task to define groups for all of these.