05-19-2015 8:08 PM
Hello,
We would like to restrict the usage of the program RGUGBR00 which regenerates the validations, substitution, etc. One of the users executed this program with incorrect selection criteria (chose all the check boxes) and this reset all the Z SETS in production system.
All the developers and support members have access to SE80 in production to execute few programs. This opens up the restriction and any of them would be able to run RGUGBR00.
1) Is there a way to restrict the usage of the program without making changes to the program or its screen?
2) Is there a authorization object needed for this program?
Thanks,
Surya
05-19-2015 9:32 PM
You should not allow the users or consultants to run the programs / FMs in Production system. They should use the different procedures when required to run the programs. But, that is a different story.
I think there isn't any auth check object here. However, you can create an implicit implementation in the beginning of the subroutine CLIENT_INITIALIZE in program RGUGBR00. In the implementation, call your custom authorization object. If no authorization, trigger the message type 'A' (abend).
Regards,
Naimesh Patel
05-19-2015 9:32 PM
You should not allow the users or consultants to run the programs / FMs in Production system. They should use the different procedures when required to run the programs. But, that is a different story.
I think there isn't any auth check object here. However, you can create an implicit implementation in the beginning of the subroutine CLIENT_INITIALIZE in program RGUGBR00. In the implementation, call your custom authorization object. If no authorization, trigger the message type 'A' (abend).
Regards,
Naimesh Patel
05-20-2015 7:43 AM
All the developers and support members have access to SE80 in production to execute few programs. This opens up the restriction and any of them would be able to run RGUGBR00.
If there are only "few" programs create some transactions for those and don't give access to SE80/SE38 or such transactions in a productive systems, also insure Customizing is not opened in productive system (except during small interval of time for very special actions)
Hint: At least reduce objets allowed thru S_DEVELOP authorization object, no "*" please.
Look like sequel of some "confuse speed with haste" solution....
Regards,
Raymond