08-17-2009 7:26 AM
Hello Experts ,
I have a requirement in one my security roles that the user should be restricted only to Change the existin gentries in a Z table . But when I add ACTVT 02 with object S_TABU_DIS this gives access to Create, Change & Delete the entries in that table.
How can I restrict the access only to change & do not allow user to Create / Delete an entry to this table ?
Thanks !
Shailesh
08-17-2009 7:33 AM
08-17-2009 7:46 AM
>
> have you given the entries name or (*) full authorization?
What do you mean by "the entries name"? S_TABU_DIS has two fields, ACTVT and DICBERCLS. OP's problem lies in the ACTVT restriction which isn't working in the desired way.
08-17-2009 8:18 AM
Sounds like you are refering to SE16.
Please take note that SE16 cannot edit all tables, but in those cases the ability to change an existing entry to something completely different or non-sensical is the same as creating or deleting the existing entry.
Cheers,
Julius
08-17-2009 8:41 AM
S_TABU_DIS only 3 values for field ACTVT:
02 = create, change or delete entries
03 = view entries only
BD = overrule the locking of changes coming from ALE
so, ACTVT 02 allows exactly what you are describing. this object will not help you to achieve what you want. you will have to create your own object and adapt the coding (of the maintenance view ... or whatever).
08-18-2009 7:24 AM
Thanks Guys,
I guess I have to go ahead with a Z object for this one
Shailesh
08-28-2009 8:12 AM
Hi,
I would like to remind you on one thing,
PLease check if the role has multiple number of instances for S_TABU_DIS . i.e multiple authorizations , where in one authorization as you said you have maintained the authorization group with only Activity 02 .
But please make sure that there are no other instances for S_TABU_DIS where the same Authorization group is maitained with other activities like 02, BD, which will allow to give access for all those activities.
Thank you
Jagadish