02-22-2010 7:06 PM
Dears,
Could someone please guide on how to secure a view which is based on a secured table; for example view ENT7064 is based upon three tables : T503K, T503T and T503. The three tables are secured by authorization group 'PC'.
A user having authorization object : S_TABU_DIS with authorization field values : ACTVT = 03 and DICBERCLS = &NC&, is not able to browse any of the three tables through transaction SE11, but, he is able to browse the content of view ENT7064 through transaction SE11.
How could this be avoided ?
Thanks.
Reda
02-22-2010 7:53 PM
> A user having authorization object : S_TABU_DIS with authorization field values : ACTVT = 03 and DICBERCLS = &NC&, is not able to browse any of the three tables through transaction SE11, but, he is able to browse the content of view ENT7064 through transaction SE11.
A view without an authorization group does not make sense. That is the problem.
&NC& will give the users access to much more than the tables you have mentioned.
Unfortunately SAP defaulted the view to &NC& in earlier releases. If you apply support packs (which release are you on?) then there are many corrections and new SU24 data waiting for you as well.
Personally I simply delete everything which is empty in SU24 and then you will find the ones you use. Ideally report them to SAP as well. It is very tricky to retro-fit, but can be done...
Cheers,
Julius
02-22-2010 7:53 PM
> A user having authorization object : S_TABU_DIS with authorization field values : ACTVT = 03 and DICBERCLS = &NC&, is not able to browse any of the three tables through transaction SE11, but, he is able to browse the content of view ENT7064 through transaction SE11.
A view without an authorization group does not make sense. That is the problem.
&NC& will give the users access to much more than the tables you have mentioned.
Unfortunately SAP defaulted the view to &NC& in earlier releases. If you apply support packs (which release are you on?) then there are many corrections and new SU24 data waiting for you as well.
Personally I simply delete everything which is empty in SU24 and then you will find the ones you use. Ideally report them to SAP as well. It is very tricky to retro-fit, but can be done...
Cheers,
Julius