RSCSAUTH: Define/Restore Authorization Group

Posted by — October 3, 2021 in SAP PROGRAM Leave a reply

Maintain Program Authorizations

Many SAP programs are supplied either with an authorization group that does not fit in with the customer’s authorization system or is without an authorization group altogether. This report allows you to maintain the authorization groups for such programs without the need to change the program attributes. It also allows you to restore customer-specific authorization groups following an Upgrade.

Program RSCSAUTH generates a list of type 1 reports (“Program” column), the authorization groups as maintained by SAP (“SAP” column), and those maintained by the customer “Customer” column).

The “Customer” column is an input field where you can enter your own authorization groups.

When you choose “Save”, the customer-specific authorization groups for all SELECTED reports are copied into Table TRDIR. This has the same effect as changing the authorization group in the program attributes; existing SAP authorization groups are overwritten. The authorization groups for each report are also entered in Table SREPOATH. This is to allow you to restore customer-specific authorization groups following an upgrade by running RSCSAUTH again.

With the “Transport” function, assignments of customer-specific authorization groups belonging to all selected reports (that is, the entries in Table SREPOATH) can be placed in a transport request. (See also the explanations below under item 3.)
In addition, all programs for which a customer-specific authorization group was entered in the program attributes using the “Save” function are placed in the transport request. By cancelling the “Copy Programs to Request” popup for selecting a transport request, you can suppress the adoption of the programs in the transport request if you do not wish this to take place. (See also the explanations below under item 4.)

Selection Screen

Report Selection

Here you can select the programs whose authorization groups you wish to maintain. You can limit your selection to,

  • Particular programs (“Program name” selection)
  • Programs supplied by SAP with a particular authorization group (or without an authorization group) (“Authorization group (SAP)” selection)
  • Programs from particular applications (“Application” selection)
  • Programs with a particular logical database (“Log. DB directory” and “from application” selection).

Authorization Groups

You can choose here whether to maintain customer-specific authorization groups (“Maintain” box) or whether to transport customer-specific authorization groups between SAP Systems or restore old settings after an Upgrade (“Restore/ Transport” box).

You cannot maintain and restore (with transport) authorization groups simultaneously. If you try to select options from both boxes at the same time, an error message is displayed.

If authorizations groups are to be maintained and subsequently transported, you should start the report using the option “Create/Change” in the “Maintain” section. After you have saved, call the “transport” function in the “Authorizations” menu. In this way, the assignments of the customer-specific authorization groups for all selected reports (Table SREPOATH) are copied into a transport request. In addition, all programs for which a customer-specific authorization group was entered in the program attributes using the “Save” function are placed in the transport request. (Cancel the “Copy Programs to Request” popup if you do not wish the programs to be adopted in the transport request.)

Maintain

Select “Create/ Change” to maintain customer-specific authorization groups.

Defaults can also be supplied for the new authorization groups:

  • Copy authorization groups from default value. The value entered here is now suggested for all reports for which no customer-specific authorization group has yet been entered.

Restore/ transport

The functions in this box are not for maintaining, but for transporting customer-specific authorization groups, as well as for restoring them following an Upgrade.

The following functions are available:

  1. Test run:
    All reports for which customer-specific authorization groups exist are listed: Report name, SAP authorization group, Customer-specific authorization group.
  2. Restore:
    You can use this function to restore customer-specific authorization groups (for example, following an upgrade). A check list is output (as described under item 1). The SAP authorization groups are shown in the SAP column. In the “Customer” column you have the customer-specific authorization groups with which the SAP authorization groups are overwritten.
  3. Restore with transport of assignments (SREPOATH):
    You first see a dialog box in which you specify a transport request. Alternatively, you can branch from here into the transport and correction system. The assignments of the selected reports for customer-specific authorization groups are entered in the transport request. A check list is output afterwards (as described under item 2).
    When you release the transport request, the assignments of the authorization groups (Table SREPOATH) are transported into the target system. In order to change the program attributes in the target system, in other words, to copy the authorization groups into Table TRDIR in the target system, you need to run Report RSCSAUTH using the “Restore” option.
  4. Restore with transport of assignments and programs:
    In addition to the functionality described unter item 3, the changed program attributes are also placed directly into a transport request. Here you get a second popup with the title “Copy Programs to Request”, where you can specify a transport request. Since program attributes can only be transported together with the programs, the selected programs (LIMU REPS [programmname] ) are entered into the transport request – provided that during “Restore” the customer authorization group was different from the current one entered in the program attributes. A check list is output afterwards (as described under item 3).
    When you release the transport request, the assignments of the authorization groups (Table SREPOATH) and also the changed program attributes (programs) are transported into the target system. In the target system, executing RSCSAUTH again is no longer necessary – in contrast to what is described in item 3.

Note:
The option of also transporting the changed program (attributes) is available after an SP import or an Upgrade. For this purpose, bind the request generated by the RSCSAUTH program into the SPAU request.

This option is also very suitable for post-maintenance of authorization groups of specific programs since renewed execution of RSCSAUTH in the target system is not necessary.
However, this option is unsuitable for mass maintenance of authorization groups of several programs because the transport could become very large through the adoption of entire programs.

The programs (LIMU REPS [programmname])) are entered directly into the specified transport request, without these objects being blocked in the request. Before you release the request, lock the object in the request to avoid having a program change (that was executed with another transport request) already transported with this particular request.

You May Also Like

RSAU_TRANSFER: File-Based Transports of SAL Configuration

REGENERATE_SAP_APP: Create Full Authorizations for Applications

RS_ICF_SERV_MASS_PROCESSING: Mass processing of ICF services

How to Export All Active and Inactive SICF Services in SAP

Leave a Reply?