Solved: Authorization Group and Report Access

Former Member · ‎08-18-2009

Hi Guys,

I have a hard time resolving this issue, can you please help me resolve this issue. I have z program or Z report called (ZVENDOR). I went to SA38 and assigned ztest1 authorization Group to this report and then I created a role with sa38 in it inside of (S_Program) I have field (P_Action) and (P_GROUP). I assign auth group ztest1 into the (P_Group) field and selected submit for (P_Action) field.

But I donu2019t understand why user can execute so many other reports then only (ZVENDOR) even though I checked the table TRDIR and it shows only this report assigned to this auth group. As far as I understand Authority- check doesnu2019t matter because if its not in the report still user should not have access to any other reports, other then whatever in listed under the Atuh group I assigned (ZTEST1)

Can anyone tell me what am I missing?

Thanks in advance

Faisal

Former Member · ‎08-18-2009

Hi,

There are many thousands of reports with no auth group in so your user can run them too.

The check is only enforced if there is an auth group populated on the program.

Your user would not be able to run another report with a different auth group assigned.

Assign the program/report to a transaction and give that to the user. They don't need SA/SE38 in prod.

Former Member · ‎08-18-2009

Hi,

There are many thousands of reports with no auth group in so your user can run them too.

The check is only enforced if there is an auth group populated on the program.

Your user would not be able to run another report with a different auth group assigned.

Assign the program/report to a transaction and give that to the user. They don't need SA/SE38 in prod.

Former Member · ‎08-18-2009

Thank you so much, I got it