Solution : https://service.sap.com/sap/support/notes/338177 (SAP Service marketplace login required)
Summary :
This SAP Note details the authorization checks for program executions within the development environment. In transaction SE38, executing reports requires only the 'Display' activity from the S_DEVELOP authorization object, effective from BASIS Release 5.0. Similarly, for SE37 transactions testing function modules, the same authorization suffices. However, the 'SUBMIT report' only checks the S_PROGRAM authorization if the program attributes contain an authorization group; absent this, no check occurs. Additionally, changes involving execution authorizations necessitate considerable modifications in both the development environment and system runtime, which are seen as unnecessarily extensive and laborious from SAP's perspective.
Key words :
executable program performs critical actions, ecatt test configurations, authorization object s_develop, 'submit report' checks, authorization object s_program, required authorizations individually, authorization concept stricter, additional authorization check, authorization group field, function module checks
Related Notes :
| 1393432 | EHS: Authorization checks during data transfer |
| 1012066 | Security note: Authorization check when executing reports |
| 826994 | RACHECK1: entering authorization group as security |
| 33154 | Report authorizations without SSCR |
| 20534 | |
| 16669 | Authorization check when executing a report |
| 7642 | Authorization protection of ABAP/4 programs |