06-23-2009 5:11 PM
Hello experts,
I have a user able to go change the variants for the program. Can we restrict this. It would be great if the user can only create.change his own variant. Similar to spool and emails.
Thanks for your help.
Raghav
06-23-2009 7:00 PM
Its not an auth. object which restricts the user not to play other users variant. When You create a variant You should protect it by checking 'Protect Variant' checkbox and save it. otherwise Your variant is open for changes/deletion by any other user.
06-23-2009 5:20 PM
Hi,
Restrict access to S_PROGRAM and S_DEVELOP for the user specific role. Check the documentation of these two object (from SU21) to get the details of values that you need to provide.
Regards,
Dipanjan
06-23-2009 5:38 PM
can we restrict a users to create a variant and use/modify/delet his own varainats and not mess with other users variants??
06-23-2009 6:26 PM
To restrict users from Maintaining variants, you need to do following:
Remove VARIANT from Field P_ACTION of the Object S_PROGRAM. Check the roles assigned to user for this object and it's values.
Remove PROG from OBJTYPE and 01, 02 from ACTVT in the same authorization Instance of Object S_DEVELOP.
Note: In productive systems, only the system manager and the Early Watch users should have authorization to S_DEVELOP. The Early Watch user should only have authorization with the values SYST for the field ID of a development object, 03 for the field Activity. For all other users you can simply Deactivate the Object in production system.
Regards,
Dipanjan
06-23-2009 7:00 PM
Its not an auth. object which restricts the user not to play other users variant. When You create a variant You should protect it by checking 'Protect Variant' checkbox and save it. otherwise Your variant is open for changes/deletion by any other user.
06-23-2009 7:16 PM
When You create a variant You should protect it by checking 'Protect Variant' checkbox and save it. otherwise Your variant is open for changes/deletion by any other user.
Agreed !! and missed in my post.
06-23-2009 8:02 PM
Additionally you can create customer system variants. Those can only be changed in client 000.
Also be carefull of report RSVARENT....
Cheers,
Julius
10-16-2009 7:17 PM
And if the user does not already have access to any S_PROGRAM authorizations but is still able to edit variants (i.e. a query in the SAP namespace)? If there are no related authorizations to remove, how do you restrict this access?
10-16-2009 7:38 PM
Then neither of the 3 variant protection mechanisms (program auth group, variant protection, customer system variant) have been used.
--> You have not protected it in any way, so you will have difficulty finding an authorization to work with on the security side without the user being prevented from doing their work at all.
Cheers,
Julius