
Segregating Different Companies data on Single instance installation.

0 Kudos

Dear All,

I have a single instance SAP installation, hosting 4 different companies, eg C1, C2, C3 and C4.

Now I have audit software with which an auditor can see and extract the reports for audit purposes. The combination is SAP R/3 4.6C - Direct Link - ACL (Audit Command Language).

Now the challenge is that the internal audit department of each company should be able to view all data pertaining to their own company. I mean an auditor from company C1 should be able to view any data pertaining only to company C1, not the others. As not all the tables of the database have company code as their key field, company restriction will not work, e.g. table MSEG.

Can anyone help me what should be the combination of such controls?

I am using 4.6 release 46D ext and have FICO, MM, SD, PM, PS and PP running on it.

With Regards,

Soumen.

5 REPLIES 5

JPReyes
Active Contributor
0 Kudos

Moved to Security Forum

Former Member
0 Kudos

Well, one possible solution to the above is that you give authorizations for company code to the role of each auditor via the organization levels button. In that way all authorization objects which are company code related will restrict the user.

In your case, if the auditor accesses the table MSEG through the MB51 tcode, then the object that will restrict is F_BKPF_BUK (Accounting Document: Authorization for Company Codes).

But if the auditor is going to access the tables directly through, say, tcodes like SE16, then this kind of restriction would not apply.

0 Kudos

Thanks, Subramanium for the response.

But I feel I was unable to explain the situation.

Audit Command Language is actually accessing the SAP database with its Direct Link to SAP. This actually allows the user to view the database directly, like the SE16 you mentioned, although the credential by which ACL (Audit Command Language) can log in to the SAP database is governed by SAP authorization.

And there are a lot of tables or queries available which do not have Company Code as a key field.

Can anyone help on this?

0 Kudos

Hi Soumen,

In cases where the end user is accessing tables directly with SE16, S_TABU_DIS is the object that is checked and maintained in PFCG. But such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object, S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.

This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same.

This will require a lot of customizing settings to be done but will definitely solve your purpose.

0 Kudos

As mentioned above this authorization will not work with SE16 but can be used to control authorizations to display tables based on org criterion using SM30.

A detailed step by step procedure to be followed is given below:

1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the "SAP Reference IMG" customization page from SPRO transaction.

2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute button for the "Define Organization Criteria".

3. The resulting table display shows all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab "New Entries" as shown below.

4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on 'Save' button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.

5. Now select the new Org Criterion "Y_TEST" and double-click the "Attributes" tab as below to define the various Org Attributes.

6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute … 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the "F4" when filling entries in the authorization object.

7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.

Note that we can create up to 8 Org Attributes as per our requirements (by selecting "New Entries" tab), each corresponding to a column in the target table.

8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.

Select one of the attributes as below and double-click on the "Table Fields" button to define the field associations.

9. Select the "New Entries" tab to create a new table field association.

10. The View/table field must be filled with the target table which we need to control.

11. The "Field Name" will require the field name of the target table which will be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.

12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user.

13. In the 'IMG display' go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute button for the "Activate Organization Criteria".

14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.

15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.

16. In the role for which the S_TABU_DIS provides maintenance access for the table, we will now also need to maintain the object S_TABU_LIN.

17. On selecting the change button beside any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.
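
The two checks discussed in this thread (S_TABU_DIS per table authorization group, then S_TABU_LIN per organization criterion), modelled as an added example that is not part of the original posts and is not SAP code. The table names, the role contents and the rule that a table with no field association gets no row filter are assumptions of this simplified model; `Y_TEST` and `BUKRS` are taken from the steps above.

```python
# Simplified model of the two checks discussed in the thread (constructed data,
# not SAP code): S_TABU_DIS gates a table by authorization group, S_TABU_LIN
# then limits rows through an organization criterion mapped to a table field.

# Constructed: table -> authorization group (what S_TABU_DIS is checked against)
TABLE_AUTH_GROUP = {"ZAUDIT_DOCS": "ZAUD", "ZAUDIT_MOVES": "ZAUD"}

# Constructed: active org criterion -> {table: field tied to its attribute}
ORG_CRITERIA = {"Y_TEST": {"ZAUDIT_DOCS": "BUKRS"}}


def criterion_for(table):
    """Return (criterion, field) covering this table, or None if unmapped."""
    for crit, fields in ORG_CRITERIA.items():
        if table in fields:
            return crit, fields[table]
    return None


def visible_rows(role, table, rows):
    """Rows the role may display; raises PermissionError when denied."""
    if TABLE_AUTH_GROUP[table] not in role["S_TABU_DIS"]:
        raise PermissionError(f"{table}: no S_TABU_DIS for its group")
    covered = criterion_for(table)
    if covered is None:
        return list(rows)  # assumption: no line check, so every company's rows
    crit, field = covered
    allowed = role["S_TABU_LIN"].get(crit)
    if not allowed:
        raise PermissionError(f"{table}: no S_TABU_LIN for {crit}")
    return [r for r in rows if r[field] in allowed]


def unrestricted_tables(role):
    """Tables the role can open that no org criterion restricts by row."""
    return sorted(t for t, g in TABLE_AUTH_GROUP.items()
                  if g in role["S_TABU_DIS"] and criterion_for(t) is None)


# Constructed role for the C1 auditor and constructed table contents
AUDITOR_C1 = {"S_TABU_DIS": {"ZAUD"}, "S_TABU_LIN": {"Y_TEST": {"C1"}}}
DOCS = [{"BUKRS": "C1", "DOC": 1}, {"BUKRS": "C2", "DOC": 2}]
MOVES = [{"BUKRS": "C1", "QTY": 5}, {"BUKRS": "C3", "QTY": 7}]

if __name__ == "__main__":
    print(visible_rows(AUDITOR_C1, "ZAUDIT_DOCS", DOCS))    # C1 rows only
    print(visible_rows(AUDITOR_C1, "ZAUDIT_MOVES", MOVES))  # all companies
    print(unrestricted_tables(AUDITOR_C1))                  # coverage gap
```

Running `unrestricted_tables` over each auditor role is the review step: any table it lists is reachable through the authorization group but carries no company restriction.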