Using S_PROGRAM

Question: I am planning to use S_PROGRAM to restrict sensitive programs and reports. I would appreciate any input on the best way to manage this. Wayne

Answer:
High levelish approach

1. Identify your sensitive progs
2. See which currently have auth groups on them
3. Where they are missing, generate list of groups you want to use
4. Get an Abaper to write prog to do mass update

Anything that you not stick an auth group on will still be available for anyone with access to run progs.

Bit more of a thorough approach - stick auth groups on executable progs & if they are needed, assign them to a t-code, making sure users don't have SA38 etc.

Answer:
No ABAP needed, Report RSCSAUTH provided by SAP is for security's use to maintian the auth groups on programs. It also creates a mirror-image table so you can transport the table and "restore" the changes so all systems are in sync.