10-01-2010 6:47 PM
HI ,
how to restrict an user to a one particular table and he should have only dispaly authorization for that , can anyone suggest me how to do this.
10-01-2010 7:10 PM
Hi,
Is it a standard table ? S_TABU_DIS (Client Dependant) and S_TABU_CLI (Cross client) are the the authorization objects that controls table maintenance. With Authorization group and activity 03, you can give user access only to Display.
You can look at table TDDAT to find the authorization group of the table. If it is a custom table for which original t-code is SM30 ( You can look at SU24 to verify that) and it does not have authorization group assigned to it, then you can ask your developer to assign authorization group to the table using t-code SE54. then again make use of S_tabu_dis with activity 03 and Auth group as designed to restrict access.
Also something to look for is Note 1481950 - New authorization check for generic table access using new auth object S_TABU_NAM. Remember Bernhard talking about it.
Edited by: Nishant Sourabh on Oct 1, 2010 8:13 PM
10-02-2010 2:23 AM
Hi Sourabh,
Thanks for your valuable answer, i tried restricting the user thrugh Aoth Object S_TABU_DIS where in maintained the ACTVT and DICBERCLS authorization fields , i gave the ACTVT as 3 and in DICBERCLS field i gave the authorization Group, but the user is able to access all the tables having the same authorization group i should restrict him to one particular table ie one particular SAP standard table.
10-02-2010 3:11 AM
You can define your own authorization group for this table using t-code SE54 and then secure it with S_TABU_DIS. Or you can read and implement SAP Note 1481950 which defines the concept of new authorization object S_TABU_NAM which has two fields Activity and TABNAME ( table or view to be checked) but this object is valid for SAP_BASIS 700 and not for 640.