Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Restriction on file access at unix level

Former Member
0 Kudos

Hi ,

Iam trying to restrict unix file system access in SAP roles.

Q1. Is it fine if the access is restricted by S_DATASET only or access should also be restricted in S_PATH object.

Q2. if i start restricting using S_DATASET object with appropriate path names in roles. Most of the roles are parent -derived roles (inheritance relationship), and different value should be maintained in parent role and child role.

how this can be achieved ? Can FILENAME field in S_DATASET be made as organisational level ?

Please let me know if there is any best approach for the above scenario.

Thanks,

Sanketh.

2 REPLIES 2

Former Member
0 Kudos

Hi Sanketh,

A1: Yes, S_DATASET will control SAP users access to the paths at OS level. It works OK like that.

A2: No, it is not possible to create a hierarchy in the authorizations for S_DATASET. As you know, authorization objects in SAP are additive, so the final and real authorization is the less restrictive of all them existing in different roles assigned to a user.

Hope this helps

Best Regards

Francisco

Bernhard_SAP
Employee
Employee
0 Kudos

Hi,

please check note 177702 for the relation of s_dataset to s_path.

You may change FILENAME to an orglevel field, if you really think, that so many users will need different values assigned through derived roles.

b.rgds, Bernhard