Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can we find the tables visited by users

Former Member

‎03-19-2012 12:13 PM

0 Kudos

Hi folks - is there any way to restrict  users to view certain tables only in SE16N?

Also, is there any transaction to find out  which tables were actually called up by any user in SE16N if this restriction can't occur for any reason? I know we can create transactions for specific table call up but we have too many and want to restrict it in this way if possible?

Thank you very much.

6 REPLIES 6

Former Member

‎03-19-2012 1:27 PM

0 Kudos

Hi,

You can check S_TABU_NAM auth object and its use along with S_TABU_DIS.

Check sap note 1481950 for more details.

This should solve your restricitng table access.

Regards,

Ajesh.

Former Member

‎03-19-2012 1:44 PM

0 Kudos

Hi Wolfgang,

You can restrict the authorization for SE16N by providing authorization to S_TABU_DIS with the required authorization group(DICBERCLS) i.e. tables you want the user to see and keeping the activity(ACT) field as 03.
By using transaction ST03N, you can see the transactions used by the user, and by SCU3 you can see the changed logs of the customized table.
I dont think there is any transaction which tells us which table is viewed by the user in SE16N. If there is any, please let me know.

Hope my answer helps.

Regards,
Laxman

Former Member
In response to Former Member

‎03-20-2012 12:15 PM

0 Kudos

Does GRC Firefighter record the tables useD?  Or does it just show TCode SE16 was executed.  just thinking you might tell users to check out a FF for a period of time while their usage is recorded, if it records the actual table names.

S_TABU_NAM seems so hard to implement.  The OSS Note and discussions are long, confusing.

Former Member
In response to Former Member

‎03-21-2012 9:15 PM

0 Kudos

Kesayamol,

SAP GRC FF does not record the tables used. It will just show transction call to SE16 / SE16N / SM30.

Matt

Former Member

‎04-05-2012 12:15 PM

0 Kudos

Hi,

You can activate SQL trace via tcode ST05 which records the table name once it is displayed or updated. However beware of the amount of logs created by the trace when it is activated for prolonged period.

Hope this helps!

Sandipan

Former Member

‎04-05-2012 8:47 PM

0 Kudos

Hi!

You should be aware that the use of SE16/ SE16N is incorrect for productive enviroments. The correct approach was discussed here:

http://scn.sap.com/thread/2085021

The preferable approach is to create transactions to access the tables, and never use SE16N. This tx. should be given to admins only in PRD.

You´ll also find a nice security discussion of this tx. here:

http://scn.sap.com/people/kevin.wilson2/blog/2009/09/29/tip-editing-any-table-in-sap

Cheers,

Diego.