Solved: AL11

Former Member · ‎10-17-2007

How does one limit AL11 to a specific folder path. Although they may view other file paths, they should be only able to view files within a specific folder. When creating the role I have attempted to narrow it down to the object s_dataset and filename, but when I modify this portion it does not allow for any viewing capability. Is there a way to limit if via folder versus filename? Thanks

Former Member · ‎10-17-2007

Maritza,

Just end the file name permission with "sub folder"/*

Example: If you want to let them see all the files under the temp folder /usr/sap/temp/*

Good luck.

Lye

Message was edited by:

Tse-Hun Lye

Message was edited by:

Tse-Hun Lye

Former Member · ‎10-17-2007

Maritza,

Just end the file name permission with "sub folder"/*

Example: If you want to let them see all the files under the temp folder /usr/sap/temp/*

Good luck.

Lye

Message was edited by:

Tse-Hun Lye

Message was edited by:

Tse-Hun Lye

Former Member · ‎10-19-2007

Hello Maritza,

AL11 makes a call to function module AUTHORITY_CHECK_DATASET before opening the file (at which time the real S_DATASET authority-check is made).

In this case you can, in addition to defining the file name and the program context from which the file operation should be performed, also use the object S_PATH to protect paths to the files to be 'read' by placing an authorization group on them.

See SAP note 177702 and the documentation in SU21 (Administration) for more detailed infos.

Cheers,

Julius