Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Does SPRO display allow display of any technical ITAR data ?

former_member204733
Participant

‎09-22-2008 9:57 PM

0 Kudos

We have roles that allow the display ony of the SPRO configuration in our production system. (can be used by Competency Center to validate config is the same in Prod as in Dev.)

But in our the main user job roles, we have security that limits any one who is not a US citizen from seeing "technical data" such as BOM's and Routings that can tell how to "build" a US military part.

Because we have never gone through and checked, or proven, that no SPRO (IMG) sub-nodes link to the display of actual data base "data" that could be ITAR restricted, we can not give the SPRO display roles to the members of our project or our global support staff that are not US citizens.

Does SAP have documentation that SPRO transactions do not display (or link to) actual technical data that needs to have resticted access. As long as the link takes you to a seperate t-code, and that t-codes security applies, then it is ok.

1 REPLY 1

Former Member

‎09-22-2008 10:56 PM

0 Kudos

There is no way to answer this based on SPRO only.

There are also reports in SPRO (which are typically protected by S_PROGRAM object) which perform consistency checks on data. Some of them can even change your "technical data" if the checks are run without the "test" flag set....

Perhaps your safest bet is to identify which technical data these non-US folks need to check (regardless of what they are allowed to see) and build a menu of your own for it to restrict their entry points (S_TCODE) and keep an eye on which customizing objects they have access to (S_TABU_DIS).

In many cases, the tcodes will already exist. You only need to find them via the parameter transactions or where-used-lists.

Cheers,

Julius

PS: If you create your own transaction, then I recommend that you maintain SU24 for it... otherwise the system defaults to the "Proposals" of the Core Transaction (the tcode which has been parameterized). Do not leave mandatory parameters empty... because the program will stop in the "skip screen"...

Edited by: Julius Bussche on Sep 22, 2008 11:57 PM