Protect all reports against execution via SA38

Protect all reports against execution via SA38
By Wolfgang Morgenthaler

This tip is posted by Wolfgang Morgenthaler at Antarcon.de.

In the SAP standard system, it's possible to run nearly every report with transaction sa38. The reason: there is no authorization check, because the field authorization group is filled with spaces. This report copies the report name to the field authorization group. You should run this program after every release change.


TABLES:
  TRDIR.

SELECT-OPTIONS:
  S_NAME   FOR   TRDIR-NAME,
  S_secu   FOR   TRDIR-secu default ' ' OPTION EQ.

PARAMETERS:
 P_SECU  LIKE  TRDIR-SECU,
 P_UEBS             AS CHECKBOX,
 P_UPDA             AS CHECKBOX.

SELECT        * FROM  TRDIR
       WHERE  NAME  IN S_NAME
       AND    SECU  IN S_SECU.

  WRITE:
    / TRDIR-NAME,
      TRDIR-SECU.  " alte Gruppe

if trdir-secu ne space. " bereits gefuellt
  check p_uebs ne space.  " ueberschreiben?
endif. 

  IF P_SECU = SPACE.
    TRDIR-SECU = TRDIR-NAME.
  ELSE.
    TRDIR-SECU = P_SECU.
ENDIF.

  WRITE:
      TRDIR-SECU.    " neue Gruppe

  IF P_UPDA EQ 'X'.
    UPDATE TRDIR.
  ENDIF.

ENDSELECT.

Visit Antarcon.de's ABAP page to view this and other great tips, or to contact its author.

Did you like this tip? Hate it? Send us a note to let us know your opinion, or to submit your own tip.

This was first published in May 2001

Dig deeper on SAP security administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close