Question:
Hello all,
Can anyone think of a reason why there would be a need to create program authorization groups if the following are true?
1. We would not be using a report tree...SRET
2. We do not give out SE38 and SA38 in PRD to non-Support users.
3. If a report needs to be executed in PRD, then a custom transaction will be created.
4. We don't care what programs support people can run in DEV/QA.
5. All Basis folks work in Client 000 in PRD. - no data.
Thanks.
Answer:
1 good reason... to secure Z programs. These can be linked to new Tcode...
_________________
SapFans Moderator
NetWeaver ‘04–SAP Web AS for ORACLE certified
Search: /forums/search.php
SAP Notes: http://service.sap.com/notes
SAP Help: http://help.sap.com
Basic Rules: /forums/viewtopic.php?t=222759
Answer:
Because without authorization groups on reports you can execute any report in the system and look at any table generally with the authorization you give users. It is the ONLY way to ensure reports you do not want run to be controlled.
With that said, the probability of this occuring based on your current controls are small.