This is in continuataion to the previous question.
a user is assigned with tcode SA38.how to restrict him to
execute only a few reports,say rsusr003.If you're going to
modify the role(having sa38) assigned to the user,that will
affect other users also because that role might be assigned
to multiple users.I don' want that to happen.so what is the
solution?
Answers were Sorted based on User's Feedback
Answer / shanu
In that case you need to create and assign authorization
group to report rsusr003. you can also create tcode for
this report and assign it to user in separate role.In the
new role maintain the object S_PROGRAM with specific auth
group.
No need to remove the SA38 from role.
Just make sure the SA38 role should restricted the access
got object S_PROGRAM. It should not be '*'.
Program Check (Object – S_PROGRAM, Values – Execution and
the authorization group).
Is This Answer Correct ? | 5 Yes | 0 No |
Answer / naveen kumar
The question is bit logic, you have to create a new role
with tcode SE38 and in authorization object S_DEVELOP the
activities DEVCLASS '*'
OBTYPE '*'
OBNAME ' RSUSR003'
p_group '*'
activity '03'
Is This Answer Correct ? | 5 Yes | 1 No |
Answer / ratnadeepika
Hey guys , One more solution is there .
Go to SE93 ...create a new tcode for eg : ZSA38 .
with the option Transaction with parameters option ...
In the main screen Tcode field give SA38 as tcode ...and u
will find 'DEFAULT VALUES" ...Add the entry
Name of the screen field : RS38M-PROGRAMM
Value : RSUSr003 save . If u want u can add some more
values .
Give this Tcode access to the user u want to restrict .
Try it and let me know if u are facing any problems . Mail
me for screenshots .
Is This Answer Correct ? | 0 Yes | 0 No |
Hi,
In that case you need to create a new role for such users.
Remove the SA38 role.
Create a new role with the required reports and assign the
role to the user.
Thus user will loose access to SA38 and get direct access
to required reports eg rsusr003.
Regards,
Subal
Is This Answer Correct ? | 0 Yes | 1 No |
Differentiate between derived role and composite role
What are the upgrades happened in GRC 5.3 from GRC 5.2?
What are the 5 things you'll do if you have sap system to maintain (Sap securiy)
1 Answers Accenture, Ernst Young,
i am asked to get through at "Authorizations analysis and correct assignments" wat does it mean and wat all concepts comes under these ?
How many Tcodes can be assigned to a role ?
What are su25 t-codes used for?
What is use of derived roles?
1.why we use derived role in sap security?2.what is the technical difference between master and derived role?
what is sod in sap security?
what is SOD?
Providing training for SAP Security & GRC. SAP Security includes ECC Security,HR Security,SRM Security,CRM SECURITY,BI Security GRC 10.0 & 10.1 For further details send an email to sapsecuritygrc5.3@gmail.com or contact 971 563356167
what is user base in sap security?