on 2022 Apr 22 9:01 PM
How do I secure programs in SAP with no auth group associated, from being executed via SM37 and SA38?
Request clarification before answering.
Hi marthom91
in order to secure the programs you need to first assign them to authorization group. This is pre-requisite. If program does not have a group assigned anyone with t-code access to SM37 and SA38 and S_PROGRAM with empty values will be able to execute any program. This generates a risk to walk around TCD security. This should be not allowed in production systems.
Please review the groups available in table TPGP. Next in SE38 ABAP developer need to assign a group to program in attributes section.
Next when using your authorization concept and auth object S_PROGRAM you assign authorization to execute ABAP programs by program group. You can assign authorizations by program group for the following activities:
· Starting a program
· Scheduling a program to run as a background job
· Maintaining variant
As per help
The object S_PROGRAM consists of two fields:
· Authorization group ABAP program: Name of the program group that the user is authorized to work with.
· Programs that are not assigned to a program group can be started and maintained by any user. The function does not support generic names.
· User action ABAP program: Permitted activities.
· Possible values:
· SUBMIT: Start the program
· BTCSUBMIT: Schedule the program to run as a background job
· VARIANT: Maintain variants (The SUBMIT authorization is necessary here as well, since programs are executed during variant maintenance)
Thanks,
Filip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
3 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.