cancel
Showing results for 
Search instead for 
Did you mean: 

How do we secure programs in SAP with no auth group associated

0 Kudos
615

How do I secure programs in SAP with no auth group associated, from being executed via SM37 and SA38?

Accepted Solutions (0)

Answers (1)

Answers (1)

FilipGRC
Contributor
0 Kudos

Hi marthom91

in order to secure the programs you need to first assign them to authorization group. This is pre-requisite. If program does not have a group assigned anyone with t-code access to SM37 and SA38 and S_PROGRAM with empty values will be able to execute any program. This generates a risk to walk around TCD security. This should be not allowed in production systems.

Please review the groups available in table TPGP. Next in SE38 ABAP developer need to assign a group to program in attributes section.

Next when using your authorization concept and auth object S_PROGRAM you assign authorization to execute ABAP programs by program group. You can assign authorizations by program group for the following activities:

· Starting a program

· Scheduling a program to run as a background job

· Maintaining variant

As per help

The object S_PROGRAM consists of two fields:

· Authorization group ABAP program: Name of the program group that the user is authorized to work with.

· Programs that are not assigned to a program group can be started and maintained by any user. The function does not support generic names.

· User action ABAP program: Permitted activities.

· Possible values:

· SUBMIT: Start the program

· BTCSUBMIT: Schedule the program to run as a background job

· VARIANT: Maintain variants (The SUBMIT authorization is necessary here as well, since programs are executed during variant maintenance)

Thanks,

Filip