Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization Group for /KJRTAX01/A03

Former Member

‎02-01-2012 8:45 AM

0 Kudos

Hi Sap Gurus,

A user in our project has requested access to tcode /KJRTAX01/A03.

This tcode pulls in the object S_TABU_DIS to the role when added with the DICBERLS(Auth. Group) as &NC&.

Now giving access to this value will give access to lot of unwanted tables and hence we wanted to restrict the access.

When I tried to find out the tables which this tcodes affect I am unable to find out. Can anyone suggest which tables will get affected because of this tcode /KJRTAX01/A03

Thanks,

Arjun

4 REPLIES 4

mvoros
Active Contributor

‎02-01-2012 10:49 PM

0 Kudos

Hi,

you can run SQL trace in ST01. That would give you all SQL queries executed in that transaction. From them you can see all tables used by that transaction.

Cheers

shivraj_singh2
Active Participant

‎02-02-2012 12:19 AM

0 Kudos

Arjun,

First thing I would do is to ask the user for list of the tables he want to update or display.

Once you have the list of tables, you can confirm what authorization group they belong to.

Maintain the transaction code in SU24 as not to pull &NC& or maintain the field values in PFCG itself (it may give you issues every time you open the role in expert mode or every time you enter the transaction code in new role.)

If the list of tables asked belongs to &NC&, then you can explore the possibility of creating a new authorization group and reassign all the tables to this new authorization group.

If the user can not provide you the list, then as Martin mentioned, ask the user to check all tables while trace is on.

Regards,

Shivraj

Former Member

‎02-08-2012 9:37 PM

0 Kudos

Hi,

Transaction /KJRTAX01/A03 updates maintenance view /KJRTAX01/A03V(Property Tax Report: Tax Office Code) using SM30 transaction (skipping initial screen). In maintenance view following tables are joined: /KJRTAX01/A03, T087G, T087S. So transaction actually updates table /KJRTAX01/A03 which is not secured by authorization group.

Thus default value of auth group for non secured tables "&NC&" is getting checked. You can check with the developer and assign a custom auth group to the table. Then you can restrict user from getting &NC& and only maintain the custom auth group in the role group.

Thanks!!!

Former Member
In response to Former Member

‎02-21-2012 5:53 AM

0 Kudos

Hi Abhishek,

Thanks for the help.As you have indicated the tcode KJRTAX01/A03 is for updating the table KJRTAX01/A03.But it has not auth group maintained for it hence the default value &NC& is getting pulled.So I have spoken to the ABAP team to create a custom auth group for this table and assign it.

Regards,

Arjun