Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization check - Lvel: Program/Tcode - report/SM30/odr

Former Member
0 Kudos

How do we identify if an authority check should be given

1) at the Program(Report) level or

2) at the T-code level itself?

Is there any other level we can do it?

For SM30s / tablemaintenances, how do we do it?

Suppose we have a T-code with SM30 for a table having fields including 'PLANT'. Now if we want to restrict the users to have access to specific plants, where should we put the check - in the Tcode?

say - usergrp1 - plant1

usergrp2- plant 2

.

.

etc.

How do we design this scenario?

How is authorization for report and others different?

Do we need to include S_TABU_CLI authorization object? what is its use?

4 REPLIES 4

jurjen_heeck
Active Contributor
0 Kudos

> For SM30s / tablemaintenances, how do we do it?

>

> Suppose we have a T-code with SM30 for a table having fields including 'PLANT'. Now if we want to restrict the users to have access to specific plants, where should we put the check - in the Tcode?

> say - usergrp1 - plant1

> usergrp2- plant 2

> .

> .

> etc.

> How do we design this scenario?

This can only be achieved with a bespoke program in which authority-check statements are programmed at the right point. SM30 will not allow such granularity.

> Do we need to include S_TABU_CLI authorization object? what is its use?

This object is used to shield cross-client tables. Not needed here.

Former Member
0 Kudos

This message was moderated.

Former Member
0 Kudos

Hi Nunu,

If this is a custom table then you can include auth checks via events in the table maintainance dialog.

This will let you add in standard authorisation checks when actions are performed against the table and is done via SE54. Your developers will be able to assist with this as it can get complex.

Cheers

Alex

Former Member
0 Kudos

The object S_TABU_LIN was created for further table access limitation.

S_TABU_LIN allows an access granularity down to the line level of the tables.

This is connected to special customizing adjustments, the definition and activation

of so-called organizational criteria. With the predefinition of organizational criteria

like e.g. a plant or a country, access to tables can then be limited to the lines of

the organizational criteria only.

Because of the additional complexity of these fine tuning requirements

[customizing on-line], this is rarely used in companies so far.

Thanks,

Prasant