
Authorization...

Former Member
0 Kudos

Hi,

We have already set up the SAP_ALL_DISPLAY profile for test purposes and it's working fine in all cases.

But our problem is we have some Z programs which will insert data into the database when we execute them, and we can see that in the table mentioned, using SE11.

Is there any way, i.e. an auth object or any other way, to avoid inserting into the database at authorization level instead of program level?

Regds,

Satyanarayana N.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hello Satya,

You need to change the program in this case. I mean authorizations also run on a logical code. Independently they are useless entities!

Regards.

Ruchit.

JPReyes
Active Contributor
0 Kudos

I might have misunderstood the question, but as far as I can see... he needs to restrict "execute" for these Z programs, right?

Regards

Juan

Former Member
0 Kudos

Hi Juan,

Not necessarily that you may have misunderstood the question. It could be me as well. Again, it is a question of perception. My understanding is based on this statement:

"Is there any way, i.e. an auth object or any other way, to avoid inserting into the database at authorization level instead of program level..."

What I understand from this is that Satya wants to ensure that while the reports can get executed, they don't insert data into tables. This should either be absolute or at the max allowed for certain users. In either case the code needs to be changed.

However, if your understanding is correct then yes, he needs to remove access to Z program execution, for which ST05 is one of the ways to proceed.

regards.

Ruchit.

Former Member
0 Kudos

Hi,

I see a similar perspective from Ruchit... maybe there are 2 ways.

1. To edit the code and insert a standard or Z auth object which gets called during execution of the report. If we can restrict this object then Display All works...

2. Restrict the tcode for the users having the Display All profile by removing Z* in the S_TCODE object and providing a range that excludes this tcode.

Hopefully I see them as logical ways for his query...

Rgds,

Sri
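
Option 1 from the post above (an authorization check inside the report itself), as an added example that is not part of the original thread. The table `ZDEMO_LOG` (fields MANDT, UNAME, CREATED_AT, NOTE) and the custom authorization object `Z_DEMO_INS` with the single field `ACTVT` are hypothetical names chosen for illustration.

```abap
REPORT z_demo_guarded_insert.

* Assumptions (hypothetical, not from the thread):
*   ZDEMO_LOG  - transparent table: MANDT, UNAME, CREATED_AT (TIMESTAMPL), NOTE
*   Z_DEMO_INS - custom authorization object with the single field ACTVT

PARAMETERS p_note TYPE c LENGTH 40.

DATA: ls_row        TYPE zdemo_log,
      lt_rows       TYPE STANDARD TABLE OF zdemo_log,
      lv_may_insert TYPE abap_bool.

START-OF-SELECTION.
* ACTVT 01 = create. A display-only role carries ACTVT 03 at most,
* so the check returns sy-subrc <> 0 for those users.
  AUTHORITY-CHECK OBJECT 'Z_DEMO_INS'
    ID 'ACTVT' FIELD '01'.
  IF sy-subrc = 0.
    lv_may_insert = abap_true.
  ENDIF.

* Write path: reached only when the check above succeeded.
  IF lv_may_insert = abap_true AND p_note IS NOT INITIAL.
    ls_row-uname = sy-uname.
    GET TIME STAMP FIELD ls_row-created_at.
    ls_row-note = p_note.
    INSERT zdemo_log FROM ls_row.
    IF sy-subrc = 0.
      COMMIT WORK.
    ELSE.
      WRITE: / 'Insert failed, sy-subrc =', sy-subrc.
    ENDIF.
  ELSEIF lv_may_insert = abap_false.
    WRITE: / 'No ACTVT 01 on Z_DEMO_INS: nothing inserted.'.
  ENDIF.

* Read path: stays available to display-only users.
  SELECT * FROM zdemo_log INTO TABLE lt_rows UP TO 20 ROWS.
  LOOP AT lt_rows INTO ls_row.
    WRITE: / ls_row-uname, ls_row-created_at, ls_row-note.
  ENDLOOP.
```

With this pattern the report can still be executed by display-only users, and the insert depends on an authorization value that their role does not contain.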

Former Member
0 Kudos

Hi Friends,

Thanks for all your valuable suggestions.

My issue was not solved.

Here I rephrase it again.

We are about 10 maintenance members and we would like to have display operations only for the production environment.

Problem: We have some Z* programs which have insert code written, and whenever we execute such a program an entry is written to the appropriate table, and when we check that table in SE16 we are able to see that entry even though display mode operations have been set.

We would like to know whether we can restrict insert access to these Z* programs for the list of users.

Or Any other suggestion from your end..

Regds,

Satyanarayana N.

JPReyes
Active Contributor
0 Kudos

The only way to restrict access to Z programs will be to remove auth for SE38 and/or any transaction that calls the Z program...

Also, you can create modified versions of those programs that only query the data without inserting information.

Regards

Juan

Former Member
0 Kudos

Hi,

As said by Ruchit, I would like to restrict execution of Z* programs, and that can be done by ST05.

Could you please let me know the exact procedure and any other alternatives?

Regds,

Satyanarayana N..

Former Member
0 Kudos

Hello Satya,

You have got my point wrong and in fact you seek to do something different. Using ST05 you can run an authorization trace of all the authorization objects that are checked while executing the reports, and not actually restrict the authorization to execute them. Once you have the trace ready you need to analyze it and then remove access to the authorization values (not entire objects) that are being displayed in the trace.

However, if the reports do data insertion and you don't want that to happen, then why do all this unnecessary hard work? I would in this case stick to Juan's approach and remove access to Z reports. However, if apart from insertion the reports independently do some data reading, then I would go for the ST05 route. But I don't know why you are using reports for data insertion. A long time back when I learnt ABAP I was told data updates should normally be done using dialog programming and reporting should be for only reading data. Not that updates using reports are totally barred, but it is not the best approach.

Regards.

Ruchit.

Former Member
0 Kudos

Hi,

As said by Ruchit, we are not using reports for data insertion; we are using programs that will insert data into the table specified by the program.

All I want to know is how we can restrict access to Z* programs, and whether it is possible to avoid only execution of Z* programs while display should be possible.

Please suggest, and let me know the restriction procedure for Z* programs.

Regds,

Satyanarayana N.

Former Member
0 Kudos

Hi Satya,

In case you are using SE38 for execution, then remove access using the S_PROGRAM authorization object.

Regards.

Ruchit.

JPReyes
Active Contributor
0 Kudos

You must be able to remove authorisation to execute those Z programs...

Just trace the user and remove right to execute on the right auth objects.

Regards

Juan

Former Member
0 Kudos

Hi,

How can we trace the user? Is it using ST05?

If I am wrong please let me know the transaction and procedure to trace and remove the auth object.

Regds,

Satyanarayana N.

JPReyes
Active Contributor
0 Kudos

User Trace is ST01... you tick "authorization check" and filter the user...

Regards

Juan