- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Give authorization to all & restrict it to some
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Give authorization to all & restrict it to some
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2008 8:26 AM
Hi All,
We want to restrict the display of AL11 to all the user.
The scenario is we do not want some of the files to be displayed to all the users.
I think we can restrict this in AL11 roles to give access to a specific folders/files, but I want to know if I can restict in such a way that the user has access to all the folders/files except a few one.
Please let me know your suggestions on this.
Thanks,
Nishikant
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2008 9:50 AM
Hi Claire,
Use the object S_DATASET.
This contains the fields:
PROGRAM ABAP program name
ACTVT Activity
FILENAME Physical file name
provide the activity:
A6: Read file with filter (operating system command)
along with the FILENAME and PROGRAM.
you can try exploring the documentation for this object.
Regards,
Srihari
PS:In PROGRAM (ABAP programs) authorization check is performed with the function module AUTHORITY_CHECK_DATASET
Edited by: Srihari Rao on Jul 25, 2008 2:22 PM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2008 8:30 AM
I think you should look into transaction SM69. (and SM49)
If you create an OS command in SM69 to list the directory and files you want to show you may be able to give that to the user as a variant or parameter transaction of SM49, wihtout any further selection screen.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2008 9:50 AM
Hi Claire,
Use the object S_DATASET.
This contains the fields:
PROGRAM ABAP program name
ACTVT Activity
FILENAME Physical file name
provide the activity:
A6: Read file with filter (operating system command)
along with the FILENAME and PROGRAM.
you can try exploring the documentation for this object.
Regards,
Srihari
PS:In PROGRAM (ABAP programs) authorization check is performed with the function module AUTHORITY_CHECK_DATASET
Edited by: Srihari Rao on Jul 25, 2008 2:22 PM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2008 10:03 AM
Hi,
Thanks a lot for the reply,
I know it is possible to restrict it using the FILENAME field and the particular object.
But what we want is to restrict it for some files only, otherwise the user shuld be able to access all other files.
That means I should be able to use * in the FILENAME at the same time I should restrict the user for let say 2 files which I don't want to give him the access.
Is it possible to use 2 different roles for this? will it work that way?
Thanks,
Nishikant
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2008 10:13 AM
Hi Claire,
When the system performs an authority check it will check whether the user have the particular authorization or not.
If you give star (), you're providing full access. And now you want star( )- 2...
this could be possible like if you have sequence. I mean to say that you can specify a range like A-G, I-M excluding the H.
But for file system ... it is not possible.
Regards,
Srihari
Edited by: Srihari Rao on Jul 25, 2008 2:55 PM
- SAP Managed Tags:
- Security
