Sunday, 10 November 2013

Maintain/Restore Authorization Groups

Report Authorization Maintenance

Many SAP programs are supplied either with an authorization group which does not fit in with the customer's authorization system or without an authorization group altogether. This report allows you to maintain the authorization groups for such programs without the need to change the program attributes. It also allows you to restore customer-specific authorization groups following an Upgrade.
Program RSCSAUTH generates a list of type 1 reports ("Program" column), the authorization groups as maintained by SAP ("SAP" column), and those maintained by the customer "Customer" column).
The "Customer" column is an input field where you can enter your own authorization groups.
When you choose "Save", the customer-specific authorization groups for all SELECTED reports are copied into Table TRDIR. This has the same effect as changing the authorization group in the program attributes, as existing SAP authorization groups are overwritten. The authorization groups for each report are also entered in Table SREPOATH. This is to allow you to restore customer-specific authorization groups following an upgrade by running RSCSAUTH again.

Selection Screen

Report Selection

Here you can select the programs whose authorization groups you wish to maintain. You can limit your selection to
  • Particular programs ("Program name" selection)
  • Programs supplied by SAP with a particular authorization group (or without authorization group) ("Authorization group (SAP)" selection)
  • Programs from particular applications ("Application" selection)
  • Programs with a particular logical database ("Log. DB directory" and "from application" selection).

Authorization Groups

You can choose here whether to maintain customer-specific authorization groups ("Maintain" box) or whether to transport customer-specific authorization groups between SAP Systems or restore old settings after an Upgrade ("Restore/ Transport" box).
You cannot maintain and transport (or restore) authorization groups simultaneously. If you wish to maintain and then transport authorization groups, you will need to run the report twice; once with the "Create/ change" option in the "Maintain" box, and then with the "Restore with transport" option in the "Restore/ Transport" box. If you try to select options from both boxes at the same time, an error message is displayed.

Maintain

Select "Create/ change" to maintain customer-specific authorization groups.
Defaults can also be supplied for the new authorization groups:
  • Copy authoriziation groups from:
  • Default authorization group
    The value entered here is now suggested for all reports for which no customer-specific authorization group has yet been entered.
  • Report tree
    Here you can enter the name of a report tree. The node authorization is suggested as a default for all reports in the tree. The node authorization is also displayed in a separate column. Existing customer-specific authorization groups are NOT overwritten by the node authorization. If a report exists in more than one node, the authorization of the first node (alphabetically!) is used. Authorizations for private nodes are ignored.
If both a default value and an authorization tree are specified, the default value is only used for reports for which no node authorization could be found.

Restore/ transport

The functions in this box are not for maintaining but transporting customer-specific authorization groups, as well as for restoring them following an Upgrade.
The following functions are available:
  • Test run
    All reports for which customer-specific authorization groups exist are listed: Report name, SAP authorization group, Customer-specific authorization group.
  • Restore
    You can use this function to restore customer-specific authorization groups (ex. following an upgrade). A check list is output (as with the test run). The SAP authorization groups are shown in the SAP column. In the "Customer" column are the customer-specific authorization groups with which the SAP authorization groups are overwritten.

  • Restore with transport
    You first see a dialog box in which you specify a transport request. Alternatively, you can branch from here into the transport and correction system. The selected reports with the customer-specific authorization groups are entered in the transport request where the customer authorization group differs from the SAP authorization group. Afterwards a check list is output, similarly to the "Restore" function.
    When you release the transport request, the authorization groups are transported into the target system. In order to change the program attributes in the target system, in other words, to copy the authorization groups into Table TRDIR in the target system, you need to run Report RSCSAUTH using the "Restore" option.