
Programs

Former Member
0 Kudos

Hi all,

Can anyone explain what RSCSAUTH and RSABAUTH are?

Please provide me with a step-by-step procedure.

4 REPLIES

Former Member
0 Kudos

Hi Sri,

RSCSAUTH: ABAP programs can be assigned authorization groups, using which we can control which users can display, change and execute the reports. There is a field for authorization group in authorization objects S_DEVELOP and S_PROGRAM. If you have assigned an authorization group to a report, then unless the user has access to that authorization group through S_DEVELOP and S_PROGRAM with the necessary activities, he cannot display, change or execute or even create a report for that authorization group. The report RSCSAUTH allows you to assign authorization groups to ABAP programs/reports.

RSABAUTH: TRDIR contains attribute records and other control records of ABAP programs. Now all ABAP programs are assigned to an application area. Table TPGP stores the mapping of application areas and authorization groups. So when you execute the program RSABAUTH for an ABAP program, it will look for its application area and its authorization group from the TRDIR table. Then it will transfer the entry for it from TRDIR to TPGP.

You can find details like authorization group, application etc. in the attributes of a program. Go to SE38 for that, give the program name, choose the radio button Attributes and then display.

I hope this is useful.


Regards.

Ruchit.

Edited by: Julius Bussche on Jul 30, 2008 1:46 PM

0 Kudos

I am to understand that S_PROGRAM is checked when reports / programs.

1. Every program (at least custom programs) when created should be associated with an authorization group for security reasons.

2. For a user to have access to that program through SA38 or SE38, he should have S_PROGRAM in his profile. The authorization group which is associated with that program should also be present in his profile. It is only then that the user will be able to execute this program.

3. I think that for those programs which are not associated with an authorization group, the user will be able to execute them irrespective of S_PROGRAM status.

S_DEVELOP has to do with having access to Development (ABAP Workbench and others).

ravi

Former Member
0 Kudos

I tried assigning a custom authorization group to a few programs. I then created a role containing SE38 access with S_PROGRAM limited to the new custom authorization group. I assigned the role to a test user.

With the test user I was still able to run all programs in SE38.

I later read something - perhaps on this forum - that explained this.

Authorization checks of S_PROGRAM will allow a user to run only the programs in the assigned authorization group AND any programs that are not assigned to a group.

Hopefully this info will help save someone else from some unnecessary frustration.

Thanks.

0 Kudos

Note that the check (when not suppressed) is performed slightly differently depending on:

- Whether submitted from the workbench / test environment.

- Whether submitted via its variant or a 'start_report'-only type of transaction (for example via a menu).

- Whether submitted in the background.

Cheers,

Julius
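
The replies above note that S_PROGRAM only restricts reports that carry an authorization group, so a useful audit is to list executable custom programs whose group is empty. The following ABAP report is an added example, not code from any poster in this thread. It assumes custom programs use the Z*/Y* namespace and a release that supports inline declarations; the field names SUBC and SECU (TRDIR) and P_GROUP and P_ACTION (S_PROGRAM) come from the standard SAP definitions, not from the posts.

```abap
REPORT z_audit_report_auth_groups.
* Added example, not from the thread. Assumes custom programs live in the
* Z*/Y* namespace and a release that supports inline declarations.

* SUBC = '1' selects executable programs; SECU holds the authorization group.
SELECT name, secu
  FROM trdir
  WHERE subc = '1'
    AND ( name LIKE 'Z%' OR name LIKE 'Y%' )
  ORDER BY name
  INTO TABLE @DATA(lt_programs).

DATA lv_unprotected TYPE i.

LOOP AT lt_programs INTO DATA(ls_program).
  IF ls_program-secu IS INITIAL.
    " No group assigned: per the replies above, S_PROGRAM does not
    " restrict this report, so flag it for review.
    lv_unprotected = lv_unprotected + 1.
    WRITE: / ls_program-name, 'NO AUTHORIZATION GROUP'.
    CONTINUE.
  ENDIF.

  " Group assigned: test the current user's S_PROGRAM authorization
  " for direct execution of reports in that group.
  AUTHORITY-CHECK OBJECT 'S_PROGRAM'
    ID 'P_GROUP'  FIELD ls_program-secu
    ID 'P_ACTION' FIELD 'SUBMIT'.
  IF sy-subrc = 0.
    WRITE: / ls_program-name, ls_program-secu, 'allowed for', sy-uname.
  ELSE.
    WRITE: / ls_program-name, ls_program-secu, 'denied for', sy-uname.
  ENDIF.
ENDLOOP.

SKIP.
WRITE: / 'Executable custom programs without a group:', lv_unprotected.
```

The allowed/denied column reflects only the user running the audit and only the SUBMIT action; as the last reply points out, the check differs for variant, menu and background submission.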