Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Auth for SPRO objects

Former Member

‎07-20-2010 8:11 PM

0 Kudos

Hi,

We have interfaces which sends the Config & master data to third party application(Non SAP).

In typical integration environment, we send all Config data like Company code, plant, Sales Org etc via interfaces. We also send transaction data like Customer, vendor.

We are trying to put security checks so that, person who has create Company code authorization ( we can even settle for change/display) can only run this interface ( to send the company code data to 3rd party application)

I tried looking & setting trace using ST01. While creating company it checks 'S_TABU_DIS" which is for table maint. This may not work for our kind of requirement.

Is there any way/authorization object , by which SAP can restrict creation of SPRO data, like Company Code, Sale Area etc and is this general auth or combined.

Thanks for your time

Regards

Harish

4 REPLIES 4

Former Member

‎07-20-2010 9:02 PM

0 Kudos

SPRO is a "spider web" transaction it needs table access to execute many of the actions in SPRO

For your need if you are able to group the table access to an authorization group , you can restrict the access to display only.

I think your tasks are convoluted some of the authority checks you might capture but still table access will be an issue

Any plans on customization? or you have to restrict through authorizations only.

Former Member
In response to Former Member

‎07-20-2010 9:06 PM

0 Kudos

Thanks for the reply. We plan to restrict only by authorization. This will be checked in ABAP coding of interfaces.

However we have a restriction to use standard SAP objects, since we ship our product to various customers.

Regards,

Harish

Former Member
In response to Former Member

‎07-20-2010 9:50 PM

0 Kudos

Then I would suggest to work with an ABAPER to secure the interface and also look at SAP standard delivered roles which match your requirement and create a custom transaction/program to execute what you need.

ST01 should provide you all that SAP is capable following normal standards

Former Member

‎07-20-2010 9:39 PM

0 Kudos

Harish,

Go for custom authorization object.

Or give access to particular node wise based on modules

Thanks,

Sri

Edited by: sri on Jul 20, 2010 5:15 PM