Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Maintaining Auth Object S_ALV_LAYO to disable saving default layouts

Go to solution
Former Member

‎09-07-2015 7:25 PM

Hi Experts,

Good day.

I would like to seek your help to guide me how to maintain auth object S_ALV_LAYO. This is to not allow certain users to save default layouts.

Thanks.

1 ACCEPTED SOLUTION

Go to solution
Colleen
Advisor
Advisor

‎09-07-2015 11:12 PM

0 Kudos

Hi Jajah

  1. Step 1 - don't use the object in Production - at least not for end users
    1. Ignore any SU53/STAUTHTRACE/ST01 output that shows a failure on this object
  2. Step 2 - discuss with your solution architect how ALV Global Variants should be managed
    1. Are you allowing direct updates in Production?
    2. Are you transporting from Development instead?
  3. Step 3 - decide if you want users creating their own local/user specific ALV variants
  4. Step 4 - read up on objects S_ALV_LAYR and F_IT_ALV

This is an example of cross-functional access. Like background job access, there should be a policy that you build and restrict access to. If not, you end up with situation where users ring the service desk complaining each day that someone keeps changing their layout or a program fails to run as the default layout has been altered or removed.

Regards

Colleen

8 REPLIES 8

Go to solution
Colleen
Advisor
Advisor

‎09-07-2015 11:12 PM

0 Kudos

Hi Jajah

  1. Step 1 - don't use the object in Production - at least not for end users
    1. Ignore any SU53/STAUTHTRACE/ST01 output that shows a failure on this object
  2. Step 2 - discuss with your solution architect how ALV Global Variants should be managed
    1. Are you allowing direct updates in Production?
    2. Are you transporting from Development instead?
  3. Step 3 - decide if you want users creating their own local/user specific ALV variants
  4. Step 4 - read up on objects S_ALV_LAYR and F_IT_ALV

This is an example of cross-functional access. Like background job access, there should be a policy that you build and restrict access to. If not, you end up with situation where users ring the service desk complaining each day that someone keeps changing their layout or a program fails to run as the default layout has been altered or removed.

Regards

Colleen

Go to solution
Former Member
In response to Colleen

‎09-09-2015 2:42 PM

0 Kudos

Hi Colleen,

Thank you for your response.

Actually this question came from the issue that the users wanted to disable the "default setting" checkbox in ALV layout. Since it is standard program, we can't do code change. I opened OSS message and sap mentioned this auth object.

To answer your question: The tcodes are being accessed in production.

The original request was to gray out th checkbox for default setting so i assume user specific will be used.

Please assist.

Thanks

Go to solution
Colleen
Advisor
Advisor
In response to Colleen

‎09-09-2015 11:32 PM

0 Kudos

Hi Jajah

The default is user-specific.

Why would you need to lock that down? If you do that you are taking functionality away from the users.

If you don't grant S_ALV_LAYO to the user then they cannot change default for the report.The user can go into and manage their variants to remove default.

What is the risk in a user creating their own default? 

Without seeing the context of what SAP said, that object is all about globally maintaining a layout and publishing it so it's available to all users. Users can still come in and make the choice.

A possible way to lock it down is to grant F_IT_ALV with ACTVT 03. However, this will mean users cannot save their own variants and must use the global display variants. This could frustrate users who access reports frequently and build their own variants (it would apply to all the ALVs).

Regards
Colleen

Go to solution
JL23
Active Contributor
In response to Colleen

‎09-09-2015 11:38 PM

0 Kudos

Without S_ALV_LAYO the user is still able to create personal layouts

S_ALV_LAYO enables a user to maintain general layouts, can amend general layouts that are created by other users.

Go to solution
Colleen
Advisor
Advisor
In response to Colleen

‎09-09-2015 11:41 PM

0 Kudos

Hi Jurgen

Agree but if you do add optional authorisation F_IT_ALV you can restrict the user from creating their personal variants (though it's been a while). Full access to F_IT_ALV is the same as no access to the object.

But yes, that was my point - you can't stop the default flag as it's not secured unless you take away all ability which does not make sense for a user.

Regards

Colleen

Go to solution
Former Member
In response to Colleen

‎09-10-2015 4:54 PM

0 Kudos

Hi Colleen,

The user wants to disable the default setting checkbox.

How could we do that using auth object?

Thanks

Preview file
42 KB

Go to solution
Colleen
Advisor
Advisor
In response to Colleen

‎09-11-2015 2:58 AM

0 Kudos

I don't think security authorisation is going to allow that

Again, why does a user want to disable that feature? It is one user or a business requirement? What is the risk?

Go to solution
Former Member
In response to Colleen

‎06-10-2016 7:00 AM

0 Kudos

Dear

Can u explain how you did disable default setting i tried S_ALV_LAYO and F_IT_ALV but ni luck

can u elaborate on the same

Regards