Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to limit a report's output with display only access for few users?

Former Member
0 Kudos

Hi All,

We have a custom t-code developed in CRM for executing a report and its output gets displayed in a table. Now there is a business requirement to restrict the authorization for the table fields to only 'Display' for selected users. I have checked with the developers and they have not included any authority check in their code. Please let me know, if this can be controlled by using the standard auth objects or can we go for a customizing auth object? I have tried restricting the access using S_TABU_DIS and S_TABU_NAM and didn't work. Can someone please share your thoughts?

Thanks,

PD

1 ACCEPTED SOLUTION

Private_Member_69416
Active Participant

Hi

If you have custom code you need to add authorization checks.

Build in SAP code checks are executed when you call standard code (like function module) from your ABAP.

Regards

Przemek

6 REPLIES 6

0 Kudos

Hi PD,

Usually, authorization object S_ATBU_DIS and S_TABU_NAME is for table access.

If you want to restrict the access to a report, you could package this report to a customized transaction, and only give users the authorization to transactions, but not SE38 to run the report.

The action to directly access to SE37 and SE38 should be strictly restricted in production system.

Best regards,

Candy

Private_Member_69416
Active Participant

Hi

If you have custom code you need to add authorization checks.

Build in SAP code checks are executed when you call standard code (like function module) from your ABAP.

Regards

Przemek

abhishek_sehgal
Explorer
0 Kudos

for Custom tcode you have to use a authority check statement with sy-ucomm for restricting downloading and for standard tcodes you can restrict downloading by auth object S_GUI

0 Kudos

Przemek is right, you should ask developer to modify their code to add the authorization check.

Private_Member_25738
Participant
0 Kudos

Hi Preethi,

The comments below have reason.

If you want restrict by S_TABU_DIS or S_TABU_NAME, first, the developers needs add an Authority-Check in the corresponding user-exist/enhancement, etc of the required program.

When the program have the authority-checks added andc work, you need add the authorization objects in your roles to restrict it for table names or authority groups.

Best regard.

Former Member
0 Kudos

Thank you all. We created a custom auth object and the developer included the auth check to the code and we got the desired result.

Rgds,

PD