03-31-2009 5:27 PM
hello experts.
can anyone tell me how to enter all the auth groups in DICBERCLS in S_TABU_DIS in quicker way? I dont want to put ' * ' . thanks in advance.
03-31-2009 6:17 PM
Dear Friend,
If I understood your question properly, then the question is making contradiction. If you provide full authorization, then the best way is to provide asterisk (*). I hope you will not prefer to assign all 528 (as of ECC 6) authorization groups (correspond to S_TABU_DIS) in PFCG.
Alternatively, if you want "authorization check" in a particular role to be ignored, (i.e. when looking for table access authorization in user buffer, it will ignore the check of any value of this field) then you can assign ' ' in the field.
Please let me know if I am unable to make this clear as per my understanding.
Regards,
Dipanjan
03-31-2009 6:17 PM
Dear Friend,
If I understood your question properly, then the question is making contradiction. If you provide full authorization, then the best way is to provide asterisk (*). I hope you will not prefer to assign all 528 (as of ECC 6) authorization groups (correspond to S_TABU_DIS) in PFCG.
Alternatively, if you want "authorization check" in a particular role to be ignored, (i.e. when looking for table access authorization in user buffer, it will ignore the check of any value of this field) then you can assign ' ' in the field.
Please let me know if I am unable to make this clear as per my understanding.
Regards,
Dipanjan
03-31-2009 6:45 PM
There is no easy way. There are only tools which help to make your life more sustainably easy in the long run and keep the concept intact, and default SAP values which you can draw help from.
If you are going to use meaningfull S_TABU_DIS security, then I would recommend restricting S_PROGRAM at the same time.
The principles are very much the same and the group names as well (even if the coding itself is slightly different) so there are synergies you can use - e.g. to derive the group of the table from that of the program (if found), otherwise use the table maintenance generator to derive the transaction name from the table group and use the table group to derive the report tree group or program group.
Good luck,
Julius
Edited by: Julius Bussche on Mar 31, 2009 7:46 PM
03-31-2009 7:56 PM
04-01-2009 9:10 AM
Hi,
You can find all the authorization groups in transaction SE54. Click on option "Authorization groups" and press Display button.
You will see all the avilable authorization groups here. You can pick the required ones and assign.
Regards,
Gowrinadh