05-09-2007 7:15 AM
Hi,
I have a custom transaction which calls a custom table. And as there's no ABAP code for that, it's not possible to enter ABAP statement - AUTHORITY-CHECK to check any data before user run custom transaction.
Is it possible to restrict custom transaction in this scenario ?
Thanks..
05-09-2007 8:08 AM
Hi Mehta,
Custom transaction gives you access to a particular table.
After that what extra restriction are u looking at?
05-09-2007 8:41 AM
You can create authorisation objects in transaction SU21. Then you can link it to your custom transaction in SU24.
Assign it to users by adding it to the menu of your roles and authorisation profiles.
05-09-2007 8:55 AM
Hi Mehta,
While you create a Custom Transaction code using SE93, if you check the option "Skip Initial Screen" and assign it to user. User will only be able to access that perticular table only. So what is that Extra Security Check you are looking for?
Thanks & Regards,
Santosh
05-09-2007 9:31 PM
If you are trying to update the table - assign the table to a seprate auth grp and restrict it via S_TABU_DIS
05-09-2007 10:00 PM
Assuming you are using call transaction to SE16 or SM30 for you custom transactions. Your custom transaction is actually a parameter transaction, which will check whatever auth objects from the parent transactions (SE16 or SM30).
The only place that you can insert additional Auth-Check statement is within your custom table. Go to your custom table thru SE11 -> Utilities -> Table Maintenance Generator -> Environment -> Modification -> Events. If I recalled correctly, Event 25 is for Auth-Check.
Good luck.
Thanks,
Lye
05-10-2007 12:21 AM
Thank you all for your answers. But I know what you all are talking about.
Well, let me be specific. I have 3 companies and all are using same custom table. And I have a custom transaction code which points to custom table for table display/update access.
Now, as there's no ABAP code for custom transaction, I can't insert AUTHORITY-CHECK to restrict one company's data from others.
So in this case, is there any way I can restrict custom transaction for authorization check, which would be inserted in user's profile, for specific company code value ?
I know you can do it using TSTCA table: insert authorization object and value and then check against user's profile. But would like to know what other folks are doing.
Cheers...
05-10-2007 1:08 AM
Yes, you can insert AUTHORITY-CHECK code inside your custom table.
Go to your custom table thru SE11 -> Utilities -> Table Maintenance Generator -> Environment -> Modification -> Events.
EVENTS is where you can insert AUTHORITY-CHECK coding. For example, depending on the user's profile on Company Code, the user can only see their data or only able to update their own data in the custom table.
Thanks,
Lye
05-10-2007 7:16 AM
Hi Mehta,
In this case in think you can use the following object
S_TABU_LIN to obtain further control.
<a href="http://help.sap.com/saphelp_erp2005/helpdata/en/6d/56cdd3edabc14ebd1bc84dae20dec8/frameset.htm">S_TABU_LIN</a>
Hope this helps
Manohar
Message was edited by:
Manohar Kappala
05-10-2007 8:42 AM
Mehta,
The following link explains how you can segregate access to a table - you will need to create t-codes for each of the different groups.
http://www.sap-img.com/zf011.htm
The example is for the table behind OB52, however the principles are valid for other tables.
Cheers
Alex
05-10-2007 9:41 AM
Hi Mehta,
The scenario you are looking at can be eachieved through the use of S_TABU_LIN
<a href="http://help.sap.com/saphelp_erp2005/helpdata/en/6d/56cdd3edabc14ebd1bc84dae20dec8/frameset.htm">S_TABU_LIN</a>
With this you can control to a particular fields in a table.
Hope this helps