04-08-2010 2:04 PM
Hi experts,
I have added se16 to a role but want to restrict one table ( Say pa0000*).
please help me how to do so because there is no option in authorization in authorization menu.
thanks in advance.
DK
04-08-2010 2:08 PM
Hi,
You can provide table restrictions based on authroization groups for object S_TABU_DIS. You can check the respective authorizaiton group for a particular table in the view V_DDAT_54 OR SUCU transaction.
If you want only specific table to be allowed, then you can move the particular table to a new authorizaiton group (read documentation for SE54). As a consequence, you may also need to modify the roles in which users are using this table.
Hope it helps.
Regards,
Gowrinadh
04-09-2010 7:52 AM
>
> You can provide table restrictions based on authroization groups for object S_TABU_DIS. You can check the respective authorizaiton group for a particular table in the view V_DDAT_54 OR SUCU transaction.
>
> If you want only specific table to be allowed, then you can move the particular table to a new authorizaiton group ...
You can provide table restrictions based on authroization groups for object S_TABU_DIS. You can check the respective authorizaiton group for a particular table in the view V_DDAT_54 OR SUCU transaction.
If you want only specific table to be allowed, then you can move the particular table to a new authorizaiton group
As far as I understood the authorization groups for object S_TABU_DIS it's possible to set the authorization group for a particular table, for example "1234". User, who has got authorization for this group "1234" can see all tables with authorization group "1234" and all tables without authorization group. So you have got to set an authorization group for every table in system, if you want your users just to see specific tables and nothing other.
Is this correct?
Regards Julia
04-09-2010 9:16 AM
Hi,
Not all the tables are mentioned in the view V_DDAT_54. If you display this view, you can see some tables which are not assigned to any authorization group in authorization group &NC&.
If a user has authorization to this group &NC&, then they can see all tables which doesn't have an authorizaiton group assigned. if you give authorization to only "1234" authorizaiton group, then they can only see tables inside this authorizaiton group.
Hope it clarifies.
Regards,
Gowrinadh
04-08-2010 3:17 PM
Hi,
authorization groups often contain a lot of tables. Usually ist is not possible to restrict access to exactly ONE table on that way. Changing the authorization group of one table to a unique one is possible - but it makes only sence while using tables within the customer namespace. Changing the authorization group of a standard SAP table might be rolled back after the next patchday...
The most secure and common solution for that quest would be the creation of an own parameter transaction (with SE93) for SE16 (e.g. SE16_BLABLA) . Use dynpro field DATABROWSE-TABLENAME=<your tab> and that's it.
Regards,
Dirk
04-08-2010 9:21 PM
Just to add to the above, SAP already delivered some transactions codes for the same. You can check the same in SM01.
Regards,
Gowrinadh
04-09-2010 5:18 AM
Hi,
I tried all these activities. will you please elaborate on se93 process of restricting.
04-09-2010 5:54 AM
Hi Dhiraj Mishra,
Tcode : SE93
Give the tcode name: ZMYTCODE
Click on Create button, give
short Text : restrict tcode se16.......
Short object : Transaction with parameter (parameter transaction)
Default value for
Transaction : SE16
check "Skip Initial screen"
at the end of the screen under default value
Name of the field Value
VIEWNAME <Table name>
save it
I hope the above message will be helpful to create ZTCODE
Regards,
Firoz.
04-09-2010 6:26 AM
> at the end of the screen under default value
>
> Name of the field Value
> VIEWNAME <Table name>
>
Name of the screen filed has to be DATABROWSE-TABLENAME not ViewName.
04-09-2010 7:22 AM
Dhiraj Mishra,
SE93 has been explained so far. I think you should be able now to create you parameter transaction.
Make shure your table HAS an authorization group (SE54) and put the new transaction into your role instead of the original SE16. Authorization objects you need are S_TCODE (<your transaction>) and S_TABU_DIS (<auth. group of your table>).
The whole thing is really quite easy, don't worry...
Regards,
Dirk
04-09-2010 8:07 AM
I tried with that but with that we will allow table access ( whatever we mention in DATABROWSER field).
Is there any field or setting there where I can restrict a table .
04-09-2010 9:33 AM
Dhiraj,
it is important that the user does not have the autorization to call the native SE16 transaction. He must only have the new parameter transaction you've just created.
What exactly is still your problem? What did you do? Tell us kindly the name of your table and the related authorization group.
Regards, Dirk
04-09-2010 2:27 PM
problem is i have to assign native se16 but user should not be able to see some table( like Pa0008).
04-10-2010 2:12 PM
Hi,
This table has salaray information. Is the requestor really need to see this table? All HR tables are in authorization group "PA" .
Regards,
Gowrinadh
05-05-2010 2:51 PM
hi
is there any way to restrict any table while giving permission for particular module.
for example adding exceptional table.
so that we can restrict user to see that table.
05-05-2010 3:01 PM
> is there any way to restrict any table while giving permission for particular module.
> for example adding exceptional table.
You're definately at a dead end here. The whole SAP authorization mechanism is built on allowing specific stuff, not allowing all and restricting specific stuff. The 'how can I restrict' question has been asked over and over in this forum (and others) and there really is no proper answer for it.
I am sorry but I do not think you'll solve your issue in this way.
Jurjen
05-05-2010 9:37 PM
06-18-2010 1:27 PM
Dear All,
the correct way i got to restrict is assign or create authorization object and assign in S_tabu_dis
06-18-2010 1:28 PM
06-23-2010 6:10 AM
Hi Dhiraj
Instead of giving SE16 while creating parameter transaction through SE93 use SM30 and give table/View name which you want o maintian and in su24 of the parameter transaction code [Ztcode] maintAIN S_TABU_DIS activity field as you wish and authgroup field with the authorization group which is assigned for the table.That should solve your problem
contact your abapers for futher more help beacuse while mainting table through SM30 table maintanance generator should be there if it is not there you may need to create a view and generat it
Please let us know the feedback
Regards
santosh Varada
12-18-2012 4:41 AM