Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to Restrict a user to a access a particular table

Former Member

‎10-01-2010 6:47 PM

0 Kudos

HI ,

how to restrict an user to a one particular table and he should have only dispaly authorization for that , can anyone suggest me how to do this.

3 REPLIES 3

Former Member

‎10-01-2010 7:10 PM

0 Kudos

Hi,

Is it a standard table ? S_TABU_DIS (Client Dependant) and S_TABU_CLI (Cross client) are the the authorization objects that controls table maintenance. With Authorization group and activity 03, you can give user access only to Display.

You can look at table TDDAT to find the authorization group of the table. If it is a custom table for which original t-code is SM30 ( You can look at SU24 to verify that) and it does not have authorization group assigned to it, then you can ask your developer to assign authorization group to the table using t-code SE54. then again make use of S_tabu_dis with activity 03 and Auth group as designed to restrict access.

Also something to look for is Note 1481950 - New authorization check for generic table access using new auth object S_TABU_NAM. Remember Bernhard talking about it.

Edited by: Nishant Sourabh on Oct 1, 2010 8:13 PM

Former Member
In response to Former Member

‎10-02-2010 2:23 AM

0 Kudos

Hi Sourabh,

Thanks for your valuable answer, i tried restricting the user thrugh Aoth Object S_TABU_DIS where in maintained the ACTVT and DICBERCLS authorization fields , i gave the ACTVT as 3 and in DICBERCLS field i gave the authorization Group, but the user is able to access all the tables having the same authorization group i should restrict him to one particular table ie one particular SAP standard table.

Former Member
In response to Former Member

‎10-02-2010 3:11 AM

0 Kudos

You can define your own authorization group for this table using t-code SE54 and then secure it with S_TABU_DIS. Or you can read and implement SAP Note 1481950 which defines the concept of new authorization object S_TABU_NAM which has two fields Activity and TABNAME ( table or view to be checked) but this object is valid for SAP_BASIS 700 and not for 640.