cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting Reports in user Authorizations

Go to solution
Former Member

on ‎06-14-2011 8:00 PM

0 Kudos

Once an user roles are setup giving them access to or restricting their access to at the infotype level, do you then also need to restrict access to individual reports?

I was thinking that everyone should have access to reports. Running a report that included a restricted infotype would give an error message anyway, so why use double restriction on the infotype as well as the SAP standard report? There may be a case for Z reports.

Any thoughts? any best practices?

Thanks

Pascal

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-14-2011 11:00 PM
0 Kudos

For Z reports its better to create a Tcode and give access to the users who need it.

For Adhoc standard reports users who don't have access to the particular infotype will not get any error message, but that field will be blank in the output.

Show replies
Show replies

Answers (4)

Answers (4)

Former Member
‎06-15-2011 2:01 PM
0 Kudos

Thanks for all those who responded. My question was particularly for reports that are delivered by SAP - the SAP standard reports. I am trying to figure out whether there are any valid reasons why standard reports might be expressly restriced to general users when the user's access is already restricted by infotypes/subtypes.

Thanks

Pascal

Edited by: Pascal Menezes on Jun 15, 2011 9:02 AM

Show replies
Show replies
former_member201275
Active Contributor
‎06-15-2011 2:46 PM
0 Kudos

It's additional authorization control. Even though a user is restricted to infotype access you may have a situation where a report may return the same, or similair, information without necessarily accessing the infotype that the user is restricted to. Sometimes logical database may be used, or cluster tables, or bespoke tables, etc, and you may want access to these restricted.

Former Member
‎06-15-2011 1:45 PM
0 Kudos

Hi

For standard reoprts where you use LDB the standard authorozations will work but for Z reports you need to assign them to LDB and also check for various authorizations.

R K

Show replies
Show replies
former_member201275
Active Contributor
‎06-15-2011 8:59 AM
0 Kudos

I think this is best practice:

http://help.sap.com/saphelp_470/helpdata/en/16/b8b83b5b831f3be10000000a114084/content.htm

Show replies
Show replies
AFS
Product and Topic Expert
Product and Topic Expert
‎06-15-2011 8:14 AM
0 Kudos

Hi,

I would say it depens on the way the reports have been developed. For example, all reports that are based in logical databases PNP and PNPCE will restrict the access just to the infotypes the user has authorization to...and also just to the employees he has access to.. so if your Z reports are based on this LDB there should be no problem... Basically the HR authorization checks are performed in the LDB coding.. But if the reports are not based on these LDBs, then it will depend on how they were developed and if the authority-check was done correclty there... (for the Z reports)..

Regards,

Ana

Show replies
Show replies
Ask a Question