This article shows how to set up access control for specific reports.
By default all reports are accessible.
To limit access to a report, an authorization group must be assigned to the report.
Access to the report can then be granted through the S_PROGRAM authorization object, see SAP Note 338177.
Authorizing Access to Specific Reports #
- Log into SAP and use transaction code SE38 to open the ABAP Editor.
- Enter the name of the report you want to restrict access to and select Attributes as the Subobjects.
- Click [Change]. A window that contains the program attributes opens.
- Assign an authorization group.
Assigning an authorization group makes the report not accessible from function modules like Z_XTRACT_IS_REMOTE_REPORT via SUBMIT nor through the associated TCODE.
- To grant access to users, edit or create a user role to grant access to (transaction code PFCG).
- Manually assign the authorization object S_PROGRAM to the user role.
- Select the action SUBMIT in the S_PROGRAM object field P_ACTION.
- Assign the same authorization group that is assigned to the report to the S_PROGRAM object field P_GROUP.
- Save and generate the authorization.
- Assign the user role to users.
Note: Reports without an assigned authorization group can be accessed freely.