Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ability to schedule a report to run in background but No access to transact

Former Member

‎01-28-2009 11:22 AM

0 Kudos

Hi,

I want to give users ability to schedule a report to run in background but No access to transaction Sm37.

What can be the process/steps to work and morever if we do this is there any disadvantages that users

can face later...

<removed_by_moderator>

Thanks,

Barada

Edited by: Julius Bussche on Jan 28, 2009 1:12 PM

13 REPLIES 13

RainerKunert
Active Participant

‎01-28-2009 11:52 AM

0 Kudos

One possibility is to define an event triggered job that starts the program with predefined selection values. The user should be able to trigger the event. You can create a transaction that triggers exactly this event.

Disadvantage: the user cannot change the selection criteria.

Private_Member_119218
Active Participant

‎01-28-2009 11:54 AM

0 Kudos

Well. There's transaction SMX - Own Jobs. You could use that, but it is very restricted. I don't think you can even display the job spool from there.

Why no SM37? If correctly restricted with authorizations, this transaction can be perfectly safe.

Former Member
In response to Private_Member_119218

‎01-28-2009 12:05 PM

0 Kudos

Hi,

All the users have access to SM37.

I want to restrict the user from Tcode SM37,If I do that is there any problem for the users Ability to schedule a report to run in background.

Thanks.

Barada

RainerKunert
Active Participant
In response to Private_Member_119218

‎01-28-2009 12:08 PM

0 Kudos

The users need authorization S_BTCH_JOB with JOBACTION=RELEASE, otherwise the job with the report will be scheduled but not released.

It is not necessary to grant access to SM37.

Private_Member_119218
Active Participant
In response to Private_Member_119218

‎01-28-2009 12:13 PM

0 Kudos

Lets see if I got this right.

You want a user to be able to schedule a report in background (from menu, "Execute in Background") without having authorizations for transaction SM37; Is this correct?

Former Member
In response to Private_Member_119218

‎01-28-2009 12:24 PM

0 Kudos

Hi,

Yes,You got it right,Please advise in this regard.

Thanks,

Barada

Private_Member_119218
Active Participant
In response to Private_Member_119218

‎01-28-2009 2:16 PM

0 Kudos

Then you need to do what Rainer already pointed out a few posts back - authorizations for S_BTCH_JOB with values |JOBGROUP=' ';JOBACTION=RELE;| are required to perform this action.

Former Member
In response to Private_Member_119218

‎01-28-2009 7:39 PM

0 Kudos

Sorry, I misread your question - thinking that the report should only be run in the background.

I agree with the others (also about SMX and SMXX to display their own jobs, but not change them afterwards), but which report (tree) is this?

You can still give the user an ability to maintain a variant via transaction VARCH though (no execute possibility) . It will check S_PROGRAM p_action VARIANT or look for a user specific protection flag.

But then the user can submit it online as well from other transactions. That is why I thought you were looking for a way to run it as low priority in the background only.

Cheers,

Julius

Former Member
In response to Private_Member_119218

‎01-29-2009 8:02 AM

0 Kudos

Ooops. Sorry Barada, I deleted your post from here (and other cross-posted question) because I thought you were hijacking someone else's question.

Now I see that it is your question...

Anyway, please don't cross-post either.

Sorry about that. Please post again to this thread.

Cheers,

Julius

Former Member
In response to Private_Member_119218

‎01-29-2009 8:43 AM

0 Kudos

Hi,

If I will assign JOBACTION = RELE and JOBGROUP = * in S_BTCH_JOB then,

Will it restrict users for performing following actions under Job(in Menu) in SM37 ?

Cancel active job

Delete

Copy

Change

Move to different server

Please suggest for the same what will be the values for other two authorization object S_BTCH_ADM and

S_BTCH_NAM.

Thanks,

Barada

Private_Member_119218
Active Participant
In response to Private_Member_119218

‎01-29-2009 8:51 AM

0 Kudos

(1) Yes.

(2) For S_BTCH_ADM, I'd suggest either deactivate the object or value 'N'. 'Y' would mean that this user can change or copy BGJs of other users. This is one of those authorizations you have to be careful with.

(3) For S_BTCH_NAM, I'd suggest you deactivate the object. In this object, you can list usernames that job steps can be scheduled with and these steps will effectively run with the specified user's authorizations. Also a rather dangerous object. For what you described, user's own authorizations are enough.

Former Member
In response to Private_Member_119218

‎01-29-2009 11:11 AM

0 Kudos

Hi,

I kept these values against the authorization objects.

In S_BTCH_ADM, Inactive

In S_BTCH_JOB , JOBACTION = RELE JOBGROUP = *

In S_BTCH_NAM, Inactive

After that when I am executing a report in background and deleting the job in SM37 it is deleted successfully,

which is against my requirement, I need to have only display in SM37.

Thanks,

Barada

Former Member

‎01-28-2009 12:14 PM

0 Kudos

Which report / transaction is this?

If it is a self-developed one, you can simply check upfront in the report that sy-batch = 'X'.

Cheers,

Julius