Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Auhtorizations Issue - job user may not have tcode

Former Member

‎10-15-2009 12:41 PM

0 Kudos

Hello,

I have a program that runs everynight and the program needs access to FD02. The user that may perform this operation is the IT user. But the IT user must not have access to transaction FD02.

How can i solve this under the same role?

I thought about solving this the following way:

I saw the Authorization Objects and field values and activities that are proposed by the system when i insert FD02 in the role.

If i insert these Authorization Objects and the field values and activities manualy and remove FD02 from the menu, is this going to prevent the user to access to FD02 and allow the program to access it?

Thanks

Edited by: Julius Bussche on Oct 15, 2009 1:57 PM

Please use meaningfull subject titles

2 REPLIES 2

Former Member

‎10-15-2009 12:52 PM

0 Kudos

Hi John,

If the transaction code is invoked during the program then it likely that there will be an S_TCODE check.

If the job is run nightly, why don't you schedule the job under a user with the relevant authorisation?

Former Member

‎10-15-2009 1:50 PM

0 Kudos

> I thought about solving this the following way:

> I saw the Authorization Objects and field values and activities that are proposed by the system when i insert FD02 in the role.

> If i insert these Authorization Objects and the field values and activities manualy and remove FD02 from the menu, is this going to prevent the user to access to FD02 and allow the program to access it?

This is the old fashioned way, using CALL TRANSACTION or creating a batch input session which the end user can process. But it caused many problems and transactions will generally check their own S_TCODE check and possibly allow couples of trusting transactions - but that is not going to help you in a background job.

The better approach would be to have used a BAPI function module.

What you should also consider is not having dialog type users in your scheduled background jobs, that way your end users can have a role with the transaction and the SYSTEM type users for such tasks as these can be excluded from this TCODE start authorization.

Cheers,

Julius