Security with user parameters?

Former Member
0 Likes

I am trying to find out if I can utilize user parameters to secure reports. The client has a large display-only reporting finance role that they now want to split up into different profit centers. First thought is, of course, derived roles, but there are 106 different profit centers. Is there any other alternative? Is there a way to use the user parameters? The business owner brought this possibility up and I thought I would research it, as I have never tried that before.

Thanks in advance for any help

1 ACCEPTED SOLUTION

Wolfgang_Janzen
Product and Topic Expert
0 Likes

Notice: user parameters can be set by the users themselves (transaction SU2 / SU3).

Therefore, user parameters are definitely not suitable for access control purposes.
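
Added example (not code from any poster in this thread): an ABAP report contrasting a check driven by the user's own parameter with an authorization check driven by assigned roles. The report name, the use of parameter ID 'PRC' for the profit center default, and the custom authorization object Z_PRCTR with fields PRCTR and ACTVT are assumptions made for illustration.

```abap
REPORT z_pc_demo.
" Added illustration. Assumptions: parameter ID 'PRC' carries the profit
" center default; Z_PRCTR is a hypothetical custom authorization object
" with the fields PRCTR and ACTVT.

PARAMETERS p_prctr TYPE prctr OBLIGATORY.

CLASS lcl_check DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS by_user_parameter
      IMPORTING iv_prctr     TYPE prctr
      RETURNING VALUE(rv_ok) TYPE abap_bool.
    CLASS-METHODS by_authorization
      IMPORTING iv_prctr     TYPE prctr
      RETURNING VALUE(rv_ok) TYPE abap_bool.
ENDCLASS.

CLASS lcl_check IMPLEMENTATION.
  METHOD by_user_parameter.
    " Weak: the reference value is read from the user's own parameter,
    " which the same user can change in SU3 before running the report.
    DATA lv_own TYPE prctr.
    GET PARAMETER ID 'PRC' FIELD lv_own.
    rv_ok = xsdbool( sy-subrc = 0 AND lv_own = iv_prctr ).
  ENDMETHOD.

  METHOD by_authorization.
    " Enforced: the allowed values live in the role/profile assigned by
    " the administrator; the user cannot edit them.
    AUTHORITY-CHECK OBJECT 'Z_PRCTR'
      ID 'PRCTR' FIELD iv_prctr
      ID 'ACTVT' FIELD '03'.   " 03 = display
    rv_ok = xsdbool( sy-subrc = 0 ).
  ENDMETHOD.
ENDCLASS.

AT SELECTION-SCREEN.
  " Only the authorization check gates the report.
  IF lcl_check=>by_authorization( p_prctr ) = abap_false.
    MESSAGE 'No display authorization for this profit center' TYPE 'E'.
  ENDIF.

START-OF-SELECTION.
  WRITE: / 'Reporting on profit center', p_prctr.
```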

6 REPLIES 6

Former Member
0 Likes

Hi Joe,

Technically, we cannot restrict security using parameters. The only thing that parameters do is show default data in selection screens.

A user can always change the default data.

I think the right way would be to build roles with proper access.

-Abhishek

Former Member
0 Likes

Hi Joe,

PIDs are on occasion used in some forms of security, but I really would not recommend this approach. There are a few reasons for this: first and foremost, it is not using the standard SAP security mechanism. Secondly, users are typically able to amend their PIDs - you may want to block this access, but who will maintain PIDs after that? Thirdly, you will need to do some customisation of any standard reports to make this work.

Profit Centre security is always going to give you large numbers of variants. Depending on the risk associated with this data, you may want to look at rolling it up to cost centre group and creating fewer variants. If you want to go down the derived role for each profit centre route, then you can script the role derivation via CATTs or eCATTs and that just leaves a data population exercise.

0 Likes

Basically, all has been said. Conclusion: PID is not for securing access, as it opens up too many possible leaks.

0 Likes

Hi,

You can consider creating an organizational role. This means that you create a role with only the object(s) that make the difference, with the value you want. In the specific roles you inactivate the same object or give it dummy values. Be aware that this means extra maintenance and asks for extra discipline, and is not vanilla SAP, but it is a solution.

Have fun

Jan van Roest

0 Likes

Thank you all for the helpful responses.