Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting a variant

Go to solution
Former Member

‎06-23-2009 5:11 PM

0 Kudos

Hello experts,

I have a user able to go change the variants for the program. Can we restrict this. It would be great if the user can only create.change his own variant. Similar to spool and emails.

Thanks for your help.

Raghav

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎06-23-2009 7:00 PM

0 Kudos

Its not an auth. object which restricts the user not to play other users variant. When You create a variant You should protect it by checking 'Protect Variant' checkbox and save it. otherwise Your variant is open for changes/deletion by any other user.

8 REPLIES 8

Go to solution
sdipanjan
Active Contributor

‎06-23-2009 5:20 PM

0 Kudos

Hi,

Restrict access to S_PROGRAM and S_DEVELOP for the user specific role. Check the documentation of these two object (from SU21) to get the details of values that you need to provide.

Regards,

Dipanjan

Go to solution
Former Member
In response to sdipanjan

‎06-23-2009 5:38 PM

0 Kudos

can we restrict a users to create a variant and use/modify/delet his own varainats and not mess with other users variants??

Go to solution
sdipanjan
Active Contributor
In response to sdipanjan

‎06-23-2009 6:26 PM

0 Kudos

To restrict users from Maintaining variants, you need to do following:

Remove VARIANT from Field P_ACTION of the Object S_PROGRAM. Check the roles assigned to user for this object and it's values.

Remove PROG from OBJTYPE and 01, 02 from ACTVT in the same authorization Instance of Object S_DEVELOP.

Note: In productive systems, only the system manager and the Early Watch users should have authorization to S_DEVELOP. The Early Watch user should only have authorization with the values SYST for the field ID of a development object, 03 for the field Activity. For all other users you can simply Deactivate the Object in production system.

Regards,

Dipanjan

Go to solution
Former Member

‎06-23-2009 7:00 PM

0 Kudos

Its not an auth. object which restricts the user not to play other users variant. When You create a variant You should protect it by checking 'Protect Variant' checkbox and save it. otherwise Your variant is open for changes/deletion by any other user.

Go to solution
sdipanjan
Active Contributor
In response to Former Member

‎06-23-2009 7:16 PM

0 Kudos

When You create a variant You should protect it by checking 'Protect Variant' checkbox and save it. otherwise Your variant is open for changes/deletion by any other user.

Agreed !! and missed in my post.

Go to solution
Former Member

‎06-23-2009 8:02 PM

0 Kudos

Additionally you can create customer system variants. Those can only be changed in client 000.

Also be carefull of report RSVARENT....

Cheers,

Julius

Go to solution
Former Member

‎10-16-2009 7:17 PM

0 Kudos

And if the user does not already have access to any S_PROGRAM authorizations but is still able to edit variants (i.e. a query in the SAP namespace)? If there are no related authorizations to remove, how do you restrict this access?

Go to solution
Former Member
In response to Former Member

‎10-16-2009 7:38 PM

0 Kudos

Then neither of the 3 variant protection mechanisms (program auth group, variant protection, customer system variant) have been used.

--> You have not protected it in any way, so you will have difficulty finding an authorization to work with on the security side without the user being prevented from doing their work at all.

Cheers,

Julius