09-14-2009 8:11 AM
Hi there,
In our organization we use a tool called ACL Direct Link (www.acl.com) which directly access tables from SAP. The user needs to use his regular SAP user/password and then he/she will be able to search and download tables (this is limited to the user profile).
We are having problems when users need access to a specific table. The current method of restricting access via Table Authorisation Groups (defined in auth object S_TABU_DIS) is very imprecise. For example, if we use this method to grant access to 2 tables a user requested then we actually grant access to 2,236 additional tables!
How could we restrict the access to only the requested tables?
I appreciate any help you can give me on this.
Luciano
09-14-2009 9:14 AM
Hello,
As per my understanding, you are restrciting based on Auth Group, and that Auth group is linked to 2236,table,
If you give access to that Auth Group ,then user will have access to those tables linked to that auth Group,
Please provide more information to help you..
Thanks,
Prasant K Paichha
09-14-2009 9:14 AM
Hello,
As per my understanding, you are restrciting based on Auth Group, and that Auth group is linked to 2236,table,
If you give access to that Auth Group ,then user will have access to those tables linked to that auth Group,
Please provide more information to help you..
Thanks,
Prasant K Paichha
09-14-2009 9:38 AM
Luciano,
the only option I can think of is to change the auth groups of the tables. Either to unique values per table (which can get pretty difficult considering that you only have 4 characters) or smaller groups.
This is usually the suggestion that you get from SAP - their values are just proposals.
If you would not use that extra tool but access the tables directly in SAP you could create extra t-codes to only access 1 (or more) specific table(s).
Regards
Petra
09-14-2009 9:40 AM
Hi,
This is one of the "features" of the standard auth concept within SAP. Working within this, you would need to change auth groups to make them more granular. For your purposes, this is a bit of overkill.
What are you using ACL to extract? We may be able to suggest a more suitable method of getting the data. Usually ACL is used by individuals/teams who can access all of the data in specific groups of tables.
09-14-2009 9:40 AM
09-23-2009 10:24 AM
Hi,
As per my knowledge If you have access to create Auth Group you can create Auth group by using se56 tcode.
first you should create auth group and than you can assign specific tables to that auth group.
Thanks
Sant
09-24-2009 10:40 AM
hi
You can give access on tables on authoriation class s_tabu_dis on activity 03 and authorization group as alloted to the table .
regards
Mysterious.
09-25-2009 10:46 AM
Hi ,
First make sure that you assign correct authorization group to each table in SE54 . as per your description I can understand that all the 2,236 tables have same authorizzation group so you are unable to restrict.
First assign all tables with proper authorization groups then you can precisely restrict for each table .