SAP Note 7642 - Authorization protection of ABAP/4 programs

Component : Security -

Solution : https://service.sap.com/sap/support/notes/7642 (SAP Service marketplace login required)

Summary :
ABAP programs must be safeguarded against unauthorized access. When a program is assigned to an authorization group, several actions like starting, scheduling, or maintaining variants will trigger an authorization check (S_PROGRAM). Checks are done generically, so if a user has the value "VEND" in P_GROUP of object S_PROGRAM, they can execute all programs whose authorization group starts with "VEND". Program changes are controlled by S_DEVELOP. To mitigate risks, assign authorization groups via program attributes, maintain user master records, and set editor block flags. Note that authorization groups and editor lock flags may be overwritten during upgrades.

Key words :
additional key words se38, restores the previously changed authorization, changing field trdir-edtx, solution assign authorization groups, changing field trdir-secu, logical data base, user master records, authorization group assigned, editor lock flag, authorization object s_develop

Related Notes :

826994 RACHECK1: entering authorization group as security
338177 Authorization check when executing programs
33154 Report authorizations without SSCR
16669 Authorization check when executing a report