Required authorizations for Generic Report Call

In order for a SmartExporter end user to be able to use the generic report call, certain authorizations must be in place.

When a user attempts to start a generic report call, SmartExporter performs a series of authorization checks in the following order:

1. Explicit authorization available?

• First, the system checks whether calling the report is explicitly allowed. For this to be the case, the report must be listed in the whitelist for reports or transaction codes (transaction /AUDIC/SE_REPORTS).

• In addition, the user must be authorized to run the transaction codes assigned to the report.

If these conditions are met, the user can run the report.

If these conditions are not met, SmartExporter starts the next check.

2. Can the user start the program directly?

The system checks whether the authorization object S_PROGNAM exists.

• The user must have authorization to call the report (P_ACTION = SUBMIT).

• The name of the report must be explicitly specified in the authorization (P_PROGNAM = <Report Name>).

If these conditions are met, the user can run the report.

If these conditions are not met, SmartExporter starts the next check.

3. Checking the authorization group via attributes (S_PROGRAM)

The system checks whether an authorization group is assigned to the report.

If this is the case, it must be defined in this authorization group that the user has the authorization to call the report (P_ACTION = SUBMIT and P_GROUP=<value from TRDIR-SECU>).

If this is the case, the user can run the report.

If this last check also fails, the user cannot start the report with SmartExporter.