Protect all reports against execution via SA38

Protect all reports against execution via SA38
By Wolfgang Morgenthaler

This tip is posted by Wolfgang Morgenthaler at Antarcon.de.

In the SAP standard system, it's possible to run nearly every report with transaction sa38. The reason: there is no authorization check, because the field authorization group is filled with spaces. This report copies the report name to the field authorization group. You should run this program after every release change.


TABLES:
  TRDIR.

SELECT-OPTIONS:
  S_NAME   FOR   TRDIR-NAME,
  S_secu   FOR   TRDIR-secu default ' ' OPTION EQ.

PARAMETERS:
 P_SECU  LIKE  TRDIR-SECU,
 P_UEBS             AS CHECKBOX,
 P_UPDA             AS CHECKBOX.

SELECT        * FROM  TRDIR
       WHERE  NAME  IN S_NAME
       AND    SECU  IN S_SECU.

  WRITE:
    / TRDIR-NAME,
      TRDIR-SECU.  " alte Gruppe

if trdir-secu ne space. " bereits gefuellt
  check p_uebs ne space.  " ueberschreiben?
endif. 

  IF P_SECU = SPACE.
    TRDIR-SECU = TRDIR-NAME.
  ELSE.
    TRDIR-SECU = P_SECU.
ENDIF.

  WRITE:
      TRDIR-SECU.    " neue Gruppe

  IF P_UPDA EQ 'X'.
    UPDATE TRDIR.
  ENDIF.

ENDSELECT.

Visit Antarcon.de's ABAP page to view this and other great tips, or to contact its author.

Did you like this tip? Hate it? Send us a note to let us know your opinion, or to submit your own tip.

This was last published in May 2001

Dig Deeper on SAP security administration

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close