Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security for Custom development(load programs)

Former Member

‎04-05-2010 12:20 PM

0 Kudos

Hi,

We have a requirement from customer to incorporate security for a custom excel based load program which updates classification data on the material master.

Is it suggested method to actually propose them to code authorization checks on material for each entry in the file?

How important is to propose addtional authorzations on such load based tcodes, since this tcode would go into a role which will be added to process team who upload such details for all materials?

Many thanks in advance,

Sandeep

5 REPLIES 5

jurjen_heeck
Active Contributor

‎04-05-2010 1:39 PM

0 Kudos

> Is it suggested method to actually propose them to code authorization checks on material for each entry in the file?

No, that'll probabely impact performance, but you can have a look at MM related objects to see which authorizations are normally used to check before updating classification data. Otherwise, an S_TABU_DIS check on the relevant MM table authorization groep and ACTVT=02 is an option.

> How important is to propose addtional authorzations on such load based tcodes, since this tcode would go into a role which will be added to process team who upload such details for all materials?

If you have an office where only trusted people can come, will you not lock your money away?

Relying on S_TCODE checks only is very bad (and in my opinion lazy) practice.

Former Member
In response to jurjen_heeck

‎04-06-2010 2:21 PM

0 Kudos

Gents,

Thanks for your inputs Heeck . They will help a lot

If you have an office where only trusted people can come, will you not lock your money away?

But, sometimes i feel like we are locking the money and distributing keys to all those trusted folks.

Former Member
In response to jurjen_heeck

‎04-06-2010 2:24 PM

0 Kudos

Hi Julius,

Can you please elaborate more on this tcode MASS?

When i ran it , it is asking for me to select a varaint.

How do i actually use it in my case?

Your response is highly appreciated.

Regards,

Sandeep

Edited by: sandeep gade on Apr 6, 2010 3:25 PM

jurjen_heeck
Active Contributor
In response to jurjen_heeck

‎04-06-2010 3:02 PM

0 Kudos

> 

If you have an office where only trusted people can come, will you not lock your money away?

> But, sometimes i feel like we are locking the money and distributing keys to all those trusted folks.

That's what you generally do, I agree.

It looks like a lot of useless work but wait untill you actually need to keep someone away from the money without locking him out of the whole building. Not locking the money away in the first place robs you of the possibility to take action in these unforseen circumstances. Look at it like as if it was an insurance policy. I hope I never need mine.

BTW, Heeck is my last name

Jurjen

Former Member

‎04-05-2010 10:13 PM

0 Kudos

More important is how are you loading the data if there are no checks in your custom code updating SAP tables?

I suggest taking a look into transaction MASS...

Cheers