06-21-2011 4:03 PM
Good Afternoon SAP experts,
In a ECC 6.0 system, I am trying to limit a users access within SE16N to all tables belonging to the Family Pricing table class / group.
I have checked in TDDAT, these tables do not appear in there, and when tracing table usage it implies access to the tables should be secured via S_DEVELOP (via DEVCLASS & OBJNAME) rather than S_TABU_DIS ?
Can anyone explain why this is ?
Thanks
Steve
06-22-2011 1:00 AM
Hi,
in case there is no authorization group assigned to table the system checks for class &NC& and object S_TABU_DIS. So I would suggest to assign all those tables to authorization group. You don't need authorization for S_DEVELOP to display content of table. But it's checked there.
Cheers
06-22-2011 1:00 AM
Hi,
in case there is no authorization group assigned to table the system checks for class &NC& and object S_TABU_DIS. So I would suggest to assign all those tables to authorization group. You don't need authorization for S_DEVELOP to display content of table. But it's checked there.
Cheers
06-22-2011 2:41 PM
OK Thanks Martin,
The drawback with that solution is that you then have you to provide access to all tables in that table class (which can sometimes be great) but if designed correctly no critical or sensitive tables should be in that class. Plus, you could use a custom table class but you may store up problems in future for any upgrade activities.
When I tested with greater restrictions, you are right it did not need S_DEVELOP.
06-22-2011 10:00 PM
Hi Steve,
there is a new authorization object S_TABU_NAM that allows you to give access to particular table. Check note 1500054.
Cheers