Tip

Protect all reports against execution via SA38

Protect all reports against execution via SA38
By Wolfgang Morgenthaler

This tip is posted by Wolfgang Morgenthaler at Antarcon.de.

In the SAP standard system, it's possible to run nearly every report with transaction

    Requires Free Membership to View

sa38. The reason: there is no authorization check, because the field authorization group is filled with spaces. This report copies the report name to the field authorization group. You should run this program after every release change.


TABLES:
  TRDIR.

SELECT-OPTIONS:
  S_NAME   FOR   TRDIR-NAME,
  S_secu   FOR   TRDIR-secu default ' ' OPTION EQ.

PARAMETERS:
 P_SECU  LIKE  TRDIR-SECU,
 P_UEBS             AS CHECKBOX,
 P_UPDA             AS CHECKBOX.

SELECT        * FROM  TRDIR
       WHERE  NAME  IN S_NAME
       AND    SECU  IN S_SECU.

  WRITE:
    / TRDIR-NAME,
      TRDIR-SECU.  " alte Gruppe

if trdir-secu ne space. " bereits gefuellt
  check p_uebs ne space.  " ueberschreiben?
endif. 

  IF P_SECU = SPACE.
    TRDIR-SECU = TRDIR-NAME.
  ELSE.
    TRDIR-SECU = P_SECU.
ENDIF.

  WRITE:
      TRDIR-SECU.    " neue Gruppe

  IF P_UPDA EQ 'X'.
    UPDATE TRDIR.
  ENDIF.

ENDSELECT.

Visit Antarcon.de's ABAP page to view this and other great tips, or to contact its author.

Did you like this tip? Hate it? Send us a note to let us know your opinion, or to submit your own tip.

This was first published in May 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.