07-20-2010 8:11 PM
Hi,
We have interfaces which sends the Config & master data to third party application(Non SAP).
In typical integration environment, we send all Config data like Company code, plant, Sales Org etc via interfaces. We also send transaction data like Customer, vendor.
We are trying to put security checks so that, person who has create Company code authorization ( we can even settle for change/display) can only run this interface ( to send the company code data to 3rd party application)
I tried looking & setting trace using ST01. While creating company it checks 'S_TABU_DIS" which is for table maint. This may not work for our kind of requirement.
Is there any way/authorization object , by which SAP can restrict creation of SPRO data, like Company Code, Sale Area etc and is this general auth or combined.
Thanks for your time
Regards
Harish
07-20-2010 9:02 PM
SPRO is a "spider web" transaction it needs table access to execute many of the actions in SPRO
For your need if you are able to group the table access to an authorization group , you can restrict the access to display only.
I think your tasks are convoluted some of the authority checks you might capture but still table access will be an issue
Any plans on customization? or you have to restrict through authorizations only.
07-20-2010 9:06 PM
Thanks for the reply. We plan to restrict only by authorization. This will be checked in ABAP coding of interfaces.
However we have a restriction to use standard SAP objects, since we ship our product to various customers.
Regards,
Harish
07-20-2010 9:50 PM
Then I would suggest to work with an ABAPER to secure the interface and also look at SAP standard delivered roles which match your requirement and create a custom transaction/program to execute what you need.
ST01 should provide you all that SAP is capable following normal standards
07-20-2010 9:39 PM
Harish,
Go for custom authorization object.
Or give access to particular node wise based on modules
Thanks,
Sri
Edited by: sri on Jul 20, 2010 5:15 PM