cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization Objects and RSABAPSC

Go to solution
Former Member

on ‎02-10-2012 8:15 AM

0 Kudos

Hi All,

I'm trying to get all the authorization objects associated with a program, without using system trace. I've tried using RSABAPSC but there are some programs that it doesn't output any authorization objects. When I checked using system trace, these programs do have auth objects. Does this mean that there are no authorization checks written in the program code?

Apart from using system trace and RSABAPSC, are there other ways of getting the authorization objects?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-10-2012 9:26 AM
0 Kudos

Hi Benedict,

There is another program that you can check for->RS_ABAP_SOURCE_SCAN. In the "String searched for" field enter the string AUTHORITY-CHECK. It will show you if there is any auhtorization check maintained in the program. Also you can search for CALL TRANSACTION to find out any other tcodes being called to the program.

Hopes this hepls.

Thanks,

Prabhu..

Show replies
Show replies
Former Member
‎02-10-2012 2:51 PM
0 Kudos

Hello Benedict,

In addition to what Prabhu said, you have to bear in mind that a program have different "flows" depending on the input parameters, and that means that different authorization checks are performed. I don't know why do you want to know this. If the idea is to create a role and give the corresponding authorizations, I think that the best option is to create a test role and a test user. Assign the test user ONLY the test role and make the necessary tests in order to make sure that all and only the required authorizations are included in the role for the specific usage of the transaction.

Cheers,

Diego.

Former Member
‎02-13-2012 6:06 AM
0 Kudos

How do I search for CALL TRANSACTION?

Former Member
‎02-13-2012 6:15 AM
0 Kudos

Yes Diego, that's what we're trying to do. We need to create roles and authorizations specifically needed by an ABAP user. My only concern for the testing is that it might take a lot of time to finish. That is why we're looking at programs like RSABAPSC to speed up the process. Do you know a way where we can speed up the process? For now, I only need the Authorization objects and their fields.

Former Member
‎02-13-2012 2:03 PM
0 Kudos

Hello Benedict,

I think that a trace (ST01) would be better. You can try with a user that has all the authorizations and you'll be able to see all the checks that were performed.

Anyway, I think that there's no "perfect method" and as I said before the checks depend on the program flow. Also have a look at here: http://forums.sdn.sap.com/thread.jspa?threadID=1837972

Are you trying to get the authorizations for a custom program? If not, why don't you start with SU24 proposals and testing scenarios? You'll probably get better answers in the Security forum.

Cheers,

Diego.

Answers (0)

Ask a Question