- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Authorization of Report Painter GRR3
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Authorization of Report Painter GRR3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-19-2009 12:35 PM
Dear
Kindly help me to restrict our users on Tcode GRR3 for Report Painter.
There are number of reports under Report >>> Library.
on authorization at PFCG I created a role and has only one tcode GRR3. under this there are four objects
Report Writer: Report
Report Writer: Libaray
Report Writer: Report Group
how I restrict users at this stage...how to define authorization group ???? is this work able.
regds:
AJ
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-19-2009 3:44 PM
Check in SU24 for the objects associated with tcode GRR3. You may want to change the check indicator to check/maintain to bringin that authorization object into PFCG role maintenance.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-19-2009 3:44 PM
Check in SU24 for the objects associated with tcode GRR3. You may want to change the check indicator to check/maintain to bringin that authorization object into PFCG role maintenance.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2009 4:20 AM
Dear;
I have checked SU24, could you just explain wht does below columns mean in SU24, I dont have adea of it.
this will be helpful for me ever......
SU24
Check Indicator for Authorization Object
Authorization Proposal (Status)
SAP Check Indicator of Object
SAP Authorization Proposal (Status)
Only three objects such as 1) Report Writer: Report 2) Report Writer: Library 3) Report Writer: Report Group
are checked = YES and these are the Objects available on PRCG.
If I manually add one of all mentioned object WILL IT NOT CHEK THE AUTHORIZATION.
regs:
AJ
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2009 12:44 PM
Hello Asim,
Check Indicator for Authorization Object:
indicates, if the object will be checked. Of course the auhtority-check must be started in the coding. Please refer to :
http://help.sap.com/saphelp_nw70/helpdata/en/52/671470439b11d1896f0000e8322d00/frameset.htm
Authorization Proposal (Status):
Values, which will be inserted automatically into pfcg as proposal when entering the t-code in the roles menu.
The first 2 a.m. columns represent the su24-data (used for pfcg), row 3 and 4 represent the su22-data(SAP-values as fallback).
The authority-check has to be triggered in the coding! Simply adding in SU24 does not lead to a check. The abap-docu for the statement authority-check is rather worth reading...
b.rgds, Bernhard
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2009 10:42 AM
Hello AJ,
Do you want ti restrict for certain reports? whihc fall under library?
or u want to club them to a report group and that group can execute ceratin reports only?.
Thanks,
Prasant K Paichha
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-25-2009 12:08 PM
Hello,
For tcode GRR3, I found one object E_CS_RPTNG (Reporting using Report Writer/Painter and Drilldown Reports) check whether it is check/maintained in SU24 if yes go ahead and maintain it as check and disable it at role level and if this object is not present then check object G_800_GRP (Report Writer: Report) and maintain activity 03 at role level or try by disabling it.
Hope this will work.
Thanks.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2009 2:24 PM
I think there are a coupleof ways to do this
1.
Go to GRR3, check the report(s) that is(are) to be executed. Check the hierarchial assignment of the report(i mean check the Report group & Library they are under)
based on the above information, you can make restriction on the following objects:
G_800_GRP (For the actual report itself)
G_801K_GLB (For the report Library)
G_803J_GJB (For the report group)
2.
an alternate but somewhat tricky way to do this could be, For the user who needs the access/restriction check the roles that have the object S_PROGRAM , make sure that there is no (*) value in this.
Give free access to GRR3, without any specific restriction. BUt in the role that has S_PROGRAM - give access to only those program authorization groups that are shown for the reports to be executed
I think i made it too complex. OK.......if the user needs to run schedule 10 reports, go to GRR3 go the report he needs to execute, check the program behind - go to SE38, RSCSAUTH execute, check the authorization group of the program - make your restriction of program execution (S_PROGRAM) based on this
hope it helps
- SAP Managed Tags:
- Security
