When you run a report (e.g. from SA38, SE38, or with SUBMIT), no authorization check is performed.
() abapnote, se38, sa38, submit, authoritycheck, s_program, reportingbaum, trdir
ADDITIONAL-DESCRIPTORS
Branch
When a report is started via SUBMIT (especially when executed from SA38 or SE38), the ABAP runtime environment first checks whether an authorization group has been entered in the attributes.
If so, the system checks the corresponding user authorization (object S_PROGRAM) and terminates processing when necessary.
If not, nothing is checked, and the report is executed.
1. Enter an authorization group in the attributes.
2. In many reports, authorization checks are performed at runtime, often by the logical databases themselves.
3. Starting in Release 3.0, SA38 will be replaced by a reporting tree that contains all the reports (together with variants and saved lists). The reports are assigned to various nodes of the reporting tree. In addition SAP standard reports, the tree also contains customer- defined reports, and the tree can be maintained in Customizing.
Every node in the reporting tree can have an authorization group and/or inherit one from its predecessor. In this case, when you branch to the contents of a node (e.g. to the reports), an authorization check is performed, and processing cancelled when appropriate. It is therefore possible to install comprehensive authorization protection for all reports without having to change the attributes.
Additional key words
Reporting tree, reporting tree, sa38, se38, sarp, serp, sart
No comments:
Post a Comment