In many organizations, the usage of transaction GR55 has been removed from end users and the usage of custom transaction for Report Painter report is preferred.
These transactions need to be added to roles & also transported via the SAP Transport system and go through change control.
One mistake is to create Variant Transactions that add another layer of objects to maintain and transactions that are not easily accepted by the end user community:
The user will then have to navigate past the selection screen where the report group is selected.
Another common mistake is that users create the transaction code with the SAP-generated program name of the Report Painter report.
The users usually runs the report and via the menu path system status identifies the SAP generated report name, such as GP4D9W908VD93NG59JGEC5C4HE3200 in the development system or in the productive system as GP4D9W908VD93NG59JGEC5C4HE3400. Both program names look identical except for the last 3 digits, which represent the client in which the report was generated.
Because you don’t have control over the SAP-generated program name, you run into problems when the user tries to execute the program and a short dump may occur or the system may tell the user that the program doesn’t exist.
The right approach is to create a Parameter Transaction, map this transaction to the necessary objects in SU24 so that you can make sure that you won’t run into any authorization issues when the user runs the reports.
To create a custom transaction, you need to use transaction SE93 in the development client where your program development & configuration takes place.
Enter a transaction with the naming convention that your organization has issued and select the ‘create’ button:
Enter a short description (according to naming standards of your organization) and select the option ‘Transaction with parameters’:
Enter transaction ‘START_REPORT’ as shown below (1) and select the ‘Skip Initial Screen) (2):
In the lower section, enter Screen Field D_SREPOVARI-REPORTTYPE with the value RW for Report Writer and D_SREPOVARI-REPORT for your report name. If you should have extended a extended report name, you also can add this screen field with the appropriate value D_SREPOVARI-EXTDREPORT to the list of screen fields.
After saving the transaction, the system asks you for a package & transport request. Follow the development standards & instructions from your organization.
Once you have created the transaction, you need to make sure that it will be fully functional from a SAP Security standpoint. Use transaction SU24 to map the object S_Program to the transaction you have just created. The authorization group is the name of the Library with the prefix of RW_. You can find out the library via the report group or by running a trace. (This is helpful if you did not create the report and don’t know what library the developer was using).
If you want to run the authorization analysis via ST01, you can find out easily what the values for S_Program should be:
Once you have identified the objects & values, you can then map the object to the transaction with transaction SU24:
Add all objects needed to run this report (you can find out the objects via your trace analysis):
Switch the indicator to check/maintain:
Enter the values according to your findings
Don’t forget to double-check the values. You may want to make selections regarding on how the user can run the report according to your company guidelines and development standards:
When the SAP Security Administrator maps the newly created transaction to a role, the objects needed for this transaction will be automatically pulled into the role:
Depending on your SAP Security setup, the values of the individual authorizations for Report Writer may be more granular or with access to a broader area.
