03-19-2012 12:13 PM
Hi folks - is there any way to restrict users to view certain tables only in SE16N?
Also, is there any transaction to find out which tables were actually called up by any user in SE16N if this restriction can't occur for any reason? I know we can create transactions for specific table call up but we have too many and want to restrict it in this way if possible?
Thank you very much.
03-19-2012 1:27 PM
Hi,
You can check S_TABU_NAM auth object and its use along with S_TABU_DIS.
Check sap note 1481950 for more details.
This should solve your restricitng table access.
Regards,
Ajesh.
03-19-2012 1:44 PM
Hi Wolfgang,
You can restrict the authorization for SE16N by providing authorization to S_TABU_DIS with the required authorization group(DICBERCLS) i.e. tables you want the user to see and keeping the activity(ACT) field as 03.
By using transaction ST03N, you can see the transactions used by the user, and by SCU3 you can see the changed logs of the customized table.
I dont think there is any transaction which tells us which table is viewed by the user in SE16N. If there is any, please let me know.
Hope my answer helps.
Regards,
Laxman
03-20-2012 12:15 PM
Does GRC Firefighter record the tables useD? Or does it just show TCode SE16 was executed. just thinking you might tell users to check out a FF for a period of time while their usage is recorded, if it records the actual table names.
S_TABU_NAM seems so hard to implement. The OSS Note and discussions are long, confusing.
03-21-2012 9:15 PM
Kesayamol,
SAP GRC FF does not record the tables used. It will just show transction call to SE16 / SE16N / SM30.
Matt
04-05-2012 12:15 PM
Hi,
You can activate SQL trace via tcode ST05 which records the table name once it is displayed or updated. However beware of the amount of logs created by the trace when it is activated for prolonged period.
Hope this helps!
Sandipan
04-05-2012 8:47 PM
Hi!
You should be aware that the use of SE16/ SE16N is incorrect for productive enviroments. The correct approach was discussed here:
http://scn.sap.com/thread/2085021
The preferable approach is to create transactions to access the tables, and never use SE16N. This tx. should be given to admins only in PRD.
You´ll also find a nice security discussion of this tx. here:
http://scn.sap.com/people/kevin.wilson2/blog/2009/09/29/tip-editing-any-table-in-sap
Cheers,
Diego.