Cross-Client Table Maintnance-Restricting SCC4 eve...

Former Member · ‎05-28-2009

Hi all,

We have given S_TABU_CLI authorizations as "Allowed" to ABAPERs as they need to do some Cross client table authorizations...

By this authorizations it enables them to change the client settings in SCC4. i want to restrict them to change this SCC4 settings...Is there any way to give Cross client table access and restrict in changing SCC4 transaction...

Have tried in checking all the sources but unable to solve it, Please suggest me..

Thanks,

Subbu

jurjen_heeck · ‎05-28-2009

Restrict s_tabu_dis to exclude maintenance for tables in authorization group SS.

Former Member · ‎05-28-2009

Hi Jurjen,

Thanks for the suggestion...i m a newbie to thuis security field...Could u pls. help me in doing so...

i googled and found that in SE54 we can see the authorization groups...i hvae executed SE54 and click on the Display, i can see authorization group SS there, but could not able to change it when i double click on that..

In SE54 itself we have another option Assign Authorization group, when i selected that and clicked on Chnage - Table Name & Authorizations ...but when i select that & give SCC4 and SS respectively, it has shown no entries????

Could you pls. guide me how to exclude that maintainence of tables in SS group..

Thanks,

Subbu

former_member1061482 · ‎05-28-2009

Make sure that in the roles (that you have assigned to the ABAPERs) auth object s_tabu_dis does not give maintenance access to auth group SS.

But, Apart from T000 table, the users will lose change access in many other tables too!

Edited by: Hemant Raj on May 28, 2009 9:51 PM

Former Member · ‎05-28-2009

Search SAP notes for "SCC4 T000 S_CTS_ADMI".

In higher releases you can use this object to protect fields of T000 using authorizations. As the user is client specific as well, you can achieve a client specific maintenance authorization dependent on the client which the user is logged onto.

I can't remember the SAP note number, but you should find it easily using the above search terms.

Cheers,

Julius

Object name corrected: See [SAP Note 1047952|https://service.sap.com/sap/support/notes/1047952]

Edited by: Julius Bussche on May 29, 2009 8:34 AM

Former Member · ‎05-29-2009

hi

you can mark the changes the authorization group as per the table given to the concern.

The activity and the group needs to be checked in the authorization object S_TABU_DIS also

Thx

Shilpa

jurjen_heeck · ‎05-29-2009

> you can mark the changes the authorization group as per the table given to the concern.

What?

> The activity and the group needs to be checked in the authorization object S_TABU_DIS also

You're the third one posting in this thread about S_TABU_DIS. Why?

Former Member · ‎06-01-2009

Hi all,

I have removed access to SS in S_TABU_DIS authorization object..

Thank u very much for ur response...it has solved my problem...Could you pls. guide whether the procedure which i did was not correct??

will that affect any other T-codes???/...

Thanks in Advance.

Regards,

Subbu.

jurjen_heeck · ‎06-01-2009

> will that affect any other T-codes???/...

One question mark will do

If you've taken away authorization group SS this simply means they cannot maintain any table in that group. Inspect table TDDAT to see which ones are in this group. In general I think you'll be fine. If they insist on maintaining one or more of these tables you can always consider moving those to another authorization group.

Former Member · ‎06-01-2009

I also understood that you were wanting a client specific access to this client independent table, and not restrict the whole table.

But remember that SCC4 can be accessed from any client... (see the client independent solution mentioned above using S_CTS_ADMI).

Oh well, guess I had better read the question more carefully next time...

Cheers,

Julius

Former Member · ‎06-11-2009

Thank u

Cross-Client Table Maintnance-Restricting SCC4 even after giving S_TABU_CLI