Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Export GUI activity authorisation

Go to solution
Former Member

‎02-10-2014 2:02 PM

Hello,

I have a requirement to authorize a user for quotations and sales order pdf export but to restrict the excel export of a specific report for the same user.

I saw that S_GUI authorisation is responsible for document export. But I don't know how to allow the 61 Export activity for some transactions and to exclude it for others.

I tried to define two different roles, one with and the other without S_GUI 61 Export authorisation.

If I assign only one role at a time than the user has the authorisation according with the role . If I assign both roles to the same user them he has authorisation for all exports.

Can someone tell me what can be done to achieve this?

Regards,

Daniela

1 ACCEPTED SOLUTION

Go to solution
jurjen_heeck
Active Contributor

‎02-10-2014 3:08 PM

Hi Daniela,

The fact that the S_GUI object only has one field should already tell you that you can not restrict on specific files. So for downloading via the front end it is an all-or-nothing situation.

Maybe there's an option to download the pdf's to a different file/server/location regularly so the user can pick them up from there.

Jurjen

6 REPLIES 6

Go to solution
jurjen_heeck
Active Contributor

‎02-10-2014 3:08 PM

Hi Daniela,

The fact that the S_GUI object only has one field should already tell you that you can not restrict on specific files. So for downloading via the front end it is an all-or-nothing situation.

Maybe there's an option to download the pdf's to a different file/server/location regularly so the user can pick them up from there.

Jurjen

Go to solution
Former Member
In response to jurjen_heeck

‎02-12-2014 3:23 PM

0 Kudos

Hello Jurjen,

You're right. It's an all-or-nothing situation.

We created a new user only for reports whit no export authorisation.

For the existing users we exclude the reports and kept the sales transaction with export authorisation.

Regards,

Daniela

Go to solution
martin_voros
Active Contributor

‎02-10-2014 10:51 PM

0 Kudos

Hi,

when you do Where used for S_GUI object you will see that it's not used on many places. So you could introduce new authorization object with more granular access control (e.g. transaction code) and then use enhancement framework to add check for this new object everywhere where S_GUI is checked.

Cheers

Go to solution
Former Member
In response to martin_voros

‎02-12-2014 3:18 PM

0 Kudos

Hello Martin,

Thank you for the proposed solution.

As I said to Julius I'm doing only the authorisation. No enhancement.

Regards,

Daniela

Go to solution
Former Member

‎02-10-2014 11:09 PM

0 Kudos

If this is your own report, then you can very easily control it via the user command to create the PDF.

This is then a functional restriction of the command which clears the field value and not something authorization dependent.

If it is a standard transaction then you will have more success using sy-repid and sy-dynnr to clear the field as a condition than sy-tcode (my opinion).

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎02-12-2014 3:15 PM

0 Kudos

Hello Julius,

This is not my report. I'm not an ABAP programmer.

I'm doing only the authorisation.

Regards,

Daniela