Solved: Auth-Group SS

Former Member · ‎09-29-2008

Hello All ,

May i know the impact if we give the below object

s_tabu_dis

with change activity to auth-group SS

Former Member · ‎10-02-2008

This is what I would do.

Go to TDDAT, put SS in for CCLASS to see a list of all tables in the SS group. The technical names can be cryptic and you probably will recognize few tables by technical name.

Take the table list from SS, go to table DD02V. Put the SS table list in the TABNAME field and then look at the DDTEXT field on the output. This will give you the text description of each table in the SS group which should provide more info on the nature of the data protected by SS. You will then have more info to determine if your proposed change is appropriate.

I don't know what table you are enquiring about protecting with SS, however, I would expect that after seeing the text descriptions for the tables in SS, you probably won't want to make the change.

jurjen_heeck · ‎09-29-2008

>


> Hello All ,
> 
> May i know the impact if we give the below object
> 
> s_tabu_dis 
> with change activity to auth-group SS

The impact will be that someone with the proper transaction/program access will be able to change table contents of tables within that group. Impact may vary based on client role and settings.

Former Member · ‎09-29-2008

Hello ,

How can i know what all tables come under this Group SS .

jurjen_heeck · ‎09-29-2008

> How can i know what all tables come under this Group SS .

Browse table TDDAT where CCLASS = SS.

Former Member · ‎09-29-2008

Jurjen.... your voice echoes

jurjen_heeck · ‎09-29-2008

>


> Jurjen.... your voice echoes

And with the lack of new information, it sounds so hollow..... spooky!

Former Member · ‎09-29-2008

S_TABU_DIS is authorization object used for table maintanance(SM30).

by giving the authorization which you mentioned the user will have authorization to change the records of all tables whose authorization group is SS.

Former Member · ‎09-29-2008

Hi,

If you have given the auth. group SS with change activity , then user will be able to change some tables. The assignment of authorization group and tables is shown in TDDAT table.

Regards,

Sneha

Former Member · ‎10-01-2008

Probably the biggest risk here is that table auth group is the SAP default group for table T000 - so if that has not been changed the user with this access plus tcode SM30 would be able to open / close your client.

Former Member · ‎10-02-2008

Right said! Biggest risk!

SS class of table are all basis critical and can create havoc in the system if anyone plays around!

Rgds

Deepa

Former Member · ‎10-02-2008

This is what I would do.

Go to TDDAT, put SS in for CCLASS to see a list of all tables in the SS group. The technical names can be cryptic and you probably will recognize few tables by technical name.

Take the table list from SS, go to table DD02V. Put the SS table list in the TABNAME field and then look at the DDTEXT field on the output. This will give you the text description of each table in the SS group which should provide more info on the nature of the data protected by SS. You will then have more info to determine if your proposed change is appropriate.

I don't know what table you are enquiring about protecting with SS, however, I would expect that after seeing the text descriptions for the tables in SS, you probably won't want to make the change.