
	Home > Ask the SAP Experts > SAP security Questions & Answers > Accessing the SE38 T code with only display authorization

Ask The SAP Expert: Questions & Answers

EMAIL THIS

Accessing the SE38 T code with only display authorization

EXPERT RESPONSE FROM: Corwin Slack

		Pose a Question

		Other SAP Categories

		Meet all SAP Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 08 February 2007
Is there a way to create a profile with access to the SE38 T code with only display authorization (not create/execute/delete)? I have restricted the field to DISPLAY alone in authorizations data, but still, some programs can be executed. The R/3 version is 4.5B.

EXPERT RESPONSE
Place an authorization group on every Type 1 program (except Type 1 type-pools) and give end users authority to execute all the programs using an authorization for S_PROGRAM that has actions BTCSUBMIT and VARIANT. Do not grant access for action SUBMIT. The user will be able to submit reports from any transaction that will start the report but not from SE38 or SA38 or from any other path to a code editor including System/Status.

In some versions of SAP, it is possible to submit a report while viewing the code for an include program for the report. You must make sure that this is not possible in your version, and if it is, you must determine the availability of OSS notes to correct the weakness in your version. Later versions of SAP all allow for executing Type 1 code while viewing an include, but they do enforce the authorization check.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	SAP security
	Job prospects in SAP security
	SAP HR security assignments for authorized managers
	Restricting sales document assignments by sales area
	Authorization objects with a value of single/double quote marks
	Error logging in using a reference ID
	Security risk: Users able to see data from other companies
	Assigning roles to all users in a group
	What is the process for resetting a DDIC password?
	Listing TCODE transactions used to view what users are logged in to SAP
	F_LFA1_APP and editing authorization restrictions

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SAP White Paper Topics

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2000 - 2008, TechTarget \| Read our Privacy Policy SearchSAP.com is a search service provided by TechTarget and is completely independent of and not affiliated with SAP AG.