How to Restrict specific repository objects ?

ahmed_ibrahim2 · ‎2016 Jul 25

Dear collegues ,

hope every thing is OK

actually i am trying to prevent some Developers accessing or viewing specific objects "developed programs".

how to exclude specific programs from accessing by specific developers ?

Ahmed

Former Member · ‎2016 Jul 25

Hi, You can do this through authorization object S_DEVELOP.

ahmed_ibrahim2 · ‎2016 Jul 26

then , how to exclude the programs ?!, actually it is just 10 Developed programs i don't want to be accessed by all developers .

ravikirandvr · ‎2016 Jul 26

Firstly, secure the programs by assigning the authorization group. This would usually done by the developers during program creation.

Defined authorization groups are listed in table in TPGP.

You can review the existing authorization group assigned to a program using table TRDIR.

To assign programs to authorization group, you can use report RSCSAUTH.

Based on your requirement you can restrict using authorization objects S_PROGRAM and/or S_DEVELOP.

Following thread may also provide you more insights: https://scn.sap.com/thread/778538

ahmed_ibrahim2 · ‎2016 Jul 26

thanks Ravikiran

good idea , done with programs , but, how can we assign authorization group to Function module

ravikirandvr · ‎2016 Jul 26

For Function Module, we need to consider for function group and not authorization group.

Access to execute function module can be provided using Authorization object - S_DEVELOP.

OBJTYPE: FUGR

OBJNAME: <Function module's function group name>

P_GROUP: *

ACTVT: 16

For more details on S_DEVELOP please refer to SAP Library

To find out function modules of a function group, please refer to existing thread

Bernhard_SAP · ‎2016 Jul 26

don't forget to remove the authorization for debug/replace from your developers.Otherwise they can bypass the checks... 😉

Bernhard