Symptom
The report RJ-JXINI reads the field GSTRU from the Customizing table TMC4 and expects the name of a table in this field. This information is used to generate a second report that deletes all the contents of this table as an initialization.
If TMC4-GSTRU contains further SQL statements in addition to the table name, unexpected actions may be performed in the database as a result.
Other terms
RJ-JXINI, RJ-JXIN1
Reason and Prerequisites
The report RJ-JXINI generates and executes ABAP source code. This is unnecessary.
Due to dynamic ABAP statements, the generation of ABAP source code is not required.
These corrections are relevant, only if the system includes a user that has IS-Media-specific authorizations of this type.
The risk that incorrect entries in the field TMC4-GSTRU result in unintentional changes in the database exists, only if a user has access to this Customizing table (either directly in the production system or in a separate Customizing system from which the changes are subsequently transported to the production system).
To execute the report RJ-JXINI, the user then requires an authorization for the authorization object S_PROGRAM for the authorization group JVISLONE and an authorization for the authorization object M_NEUA_AUS for the application J1.
Solution
Implement the corrections specified in the correction instruction. As a result, the report RJ-JXINI is changed so that dynamic database statements are used instead of the generated ABAP source code. This prevents unintentional actions from being performed due to incorrect entries in TMC4-GSTRU.
https://service.sap.com/sap/support/notes/1361038
The report RJ-JXINI reads the field GSTRU from the Customizing table TMC4 and expects the name of a table in this field. This information is used to generate a second report that deletes all the contents of this table as an initialization.
If TMC4-GSTRU contains further SQL statements in addition to the table name, unexpected actions may be performed in the database as a result.
Other terms
RJ-JXINI, RJ-JXIN1
Reason and Prerequisites
The report RJ-JXINI generates and executes ABAP source code. This is unnecessary.
Due to dynamic ABAP statements, the generation of ABAP source code is not required.
These corrections are relevant, only if the system includes a user that has IS-Media-specific authorizations of this type.
The risk that incorrect entries in the field TMC4-GSTRU result in unintentional changes in the database exists, only if a user has access to this Customizing table (either directly in the production system or in a separate Customizing system from which the changes are subsequently transported to the production system).
To execute the report RJ-JXINI, the user then requires an authorization for the authorization object S_PROGRAM for the authorization group JVISLONE and an authorization for the authorization object M_NEUA_AUS for the application J1.
Solution
Implement the corrections specified in the correction instruction. As a result, the report RJ-JXINI is changed so that dynamic database statements are used instead of the generated ABAP source code. This prevents unintentional actions from being performed due to incorrect entries in TMC4-GSTRU.
Affected Releases
|
https://service.sap.com/sap/support/notes/1361038
No comments:
Post a Comment