05-26-2009 12:24 PM
How do we identify if an authority check should be given
1) at the Program(Report) level or
2) at the T-code level itself?
Is there any other level we can do it?
For SM30s / tablemaintenances, how do we do it?
Suppose we have a T-code with SM30 for a table having fields including 'PLANT'. Now if we want to restrict the users to have access to specific plants, where should we put the check - in the Tcode?
say - usergrp1 - plant1
usergrp2- plant 2
.
.
etc.
How do we design this scenario?
How is authorization for report and others different?
Do we need to include S_TABU_CLI authorization object? what is its use?
05-26-2009 12:35 PM
> For SM30s / tablemaintenances, how do we do it?
>
> Suppose we have a T-code with SM30 for a table having fields including 'PLANT'. Now if we want to restrict the users to have access to specific plants, where should we put the check - in the Tcode?
> say - usergrp1 - plant1
> usergrp2- plant 2
> .
> .
> etc.
> How do we design this scenario?
This can only be achieved with a bespoke program in which authority-check statements are programmed at the right point. SM30 will not allow such granularity.
> Do we need to include S_TABU_CLI authorization object? what is its use?
This object is used to shield cross-client tables. Not needed here.
05-26-2009 12:39 PM
05-26-2009 1:55 PM
Hi Nunu,
If this is a custom table then you can include auth checks via events in the table maintainance dialog.
This will let you add in standard authorisation checks when actions are performed against the table and is done via SE54. Your developers will be able to assist with this as it can get complex.
Cheers
Alex
05-26-2009 2:03 PM
The object S_TABU_LIN was created for further table access limitation.
S_TABU_LIN allows an access granularity down to the line level of the tables.
This is connected to special customizing adjustments, the definition and activation
of so-called organizational criteria. With the predefinition of organizational criteria
like e.g. a plant or a country, access to tables can then be limited to the lines of
the organizational criteria only.
Because of the additional complexity of these fine tuning requirements
[customizing on-line], this is rarely used in companies so far.
Thanks,
Prasant