Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authority to change entries through SM30 depending on values of fields?

Go to solution
Former Member

‎04-30-2007 4:30 PM

0 Kudos

Hi.

Is it somehow possible to set authorizations in a way, that a user could change only certain entries in a customizing table using SM30? What I want to achieve with this - we have an internationally used system, where consultants from different countries are working often on the same customizing tables and we would like to restrict tham to be able to change records only relevant for those countries, so they cannot change the records for other countries by mistake / on purpose. The records are usually identified by a certain "grouping" field (for instance MOLGA in table T511K or MOABW in T554S).

So far I couldn't find anything apart from the S_TABU_DIS object, which is too rough for this requirement.

Or maybe is there another way to achieve security in such a scenario?

Thanks in advance for any ideas.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎04-30-2007 4:45 PM

0 Kudos

You may be able to use auth object S_TABU_LIN to achieve this control requirements. There is some info in SAP help and the link below may help

http://www.mortenhjorthnielsen.dk/Security/S_TABU_LIN.htm

4 REPLIES 4

Go to solution
Former Member

‎04-30-2007 4:45 PM

0 Kudos

You may be able to use auth object S_TABU_LIN to achieve this control requirements. There is some info in SAP help and the link below may help

http://www.mortenhjorthnielsen.dk/Security/S_TABU_LIN.htm

Go to solution
Former Member

‎04-30-2007 5:16 PM

0 Kudos

Hi Dusan,

Yeah S_TABU_DIS would be coarse for your requirement.With S_TABU_DIS you have the option to control access to groups of tables, and you have the option to distinguish between Update and Display access. If you don’t want to give access to an entire table group, it’s quite easy in transaction SE54 to create a new authorization group and to reassign one or more tables/view to this group, thus achieving control of access to these specific tables.

With the authorization object S_TABU_LIN you can even go a step further and control access to a table on record level, based on the key fields of the table.

Check the link below for more info

http://www.mortenhjorthnielsen.dk/Security/S_TABU_LIN.htm

**Reward points accordingly

Junaid

Go to solution
Former Member

‎05-01-2007 7:46 AM

0 Kudos

Hi Dusan,

You can restrict access to tables by business organizational units using the

Line-oriented authorizations introduced in Release 4.6C. You could previously

only use the authorization objects S_TABU_DIS and S_TABU_CLI to allow or

prevent access to complete tables.

The introduction of organizational criteria allows you to restrict user access

to parts of a table. The authorization object <b>S_TABU_LIN</b> has been

introduced for this purpose.

One possible use for line-oriented authorizations would be that a user can

only display and change the contents of a particular work area, e.g. a

country or plant, in a table.

See the IMG documentation under Basis ---> System administration ---> Users and authorizations ---> Line-oriented authorizations.

<u>Following are the fields present:</u>

Activity

Organization criterion for key

Org. crit. attribute 1

Org. crit. attribute 2

Org. crit. attribute 3

Org. crit. attribute 4

Org. crit. attribute 5

Org. crit. attribute 6

Org. crit. attribute 7

Org. crit. attribute 8

Hope it helps.

Please award points if it is useful.

Thanks & Regards,

Santosh

Go to solution
Former Member

‎05-02-2007 9:27 AM

0 Kudos

I have tried the S_TABU_LIN and it works just like I need it to. Thank you all.