Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Restrict access to only one program

Go to solution
Former Member

‎2007 Dec 13 10:18 AM

0 Likes
1,787

Hi all,

I need to generate a role which restrict users access only to execute one Z program in SA38.

Can someone let me know if there's a specific authorization object ?

Many thanks,

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2007 Dec 13 11:06 AM

0 Likes
1,062

Creata a custom TRX for teh program and assign that to a role.

This is not the only, but the most secure solution, as one should not allow access to SA/SE38 in prodcution

3 REPLIES 3
Read only

Go to solution
Former Member

‎2007 Dec 13 11:06 AM

0 Likes
1,063

Creata a custom TRX for teh program and assign that to a role.

This is not the only, but the most secure solution, as one should not allow access to SA/SE38 in prodcution

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Dec 13 12:42 PM

0 Likes
1,062

Thank you but do you think there's another way to do that ?

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Dec 13 1:44 PM

0 Likes
1,062

In PFCG you can assign a program to the role menu & SAP will generate a tcode for it.

Some may suggest putting an auth group on the program and controlling by giving access to only that auth group in object S_PROGRAM. Unfortunately your user will still be able to execute 10's of thousands of other executable programs which are not assigned to auth groups. Even though there are security checks in most of the dangerous ones, it's not worth it in my opinion.

All said & done I would take Auke's approach as that is accepted "best practice" in this area.