06-11-2007 2:17 PM
Is there a way to provide users with Table Maintenance (SM30) to specific tables and not all?
Any input would be greatly appreciated.
Thanks
06-11-2007 2:30 PM
Hello Maritza,
This can be done through authorization object S_TABU_DIS. In this object there is a field for authorization group.
You can assign an authorization group to those tables and then assign the value of the authorization group to the authorization object along with activity 02 and 03.
Regards.
Ruchit.
06-11-2007 2:32 PM
One more way is to create transaction codes for all these tables and then assign authorizations for these transactions. Of course this will also involve s_tabu_dis and to make this work you need to remove SM30 access and just give t-code access.
This is because a lot of tables may share the same authorization group and giving direct access to the authorization group through SM30 will mean access for all the tables. However with transaction codes you can avert this issue because the initial check with be for transaction code.
Regards.
Ruchit.
06-11-2007 2:31 PM
Hi,
You can provide user with table maintenance(SM30) to specific tables using authorization object S_TABU_DIS. Group the similar tables under one auhthorization group and give that authorization group in the field name DICBERCLS under the authoriztion object S_TABU_DIS.
SE54 => created a new Authorizathion group called: ZXXx (access to specific tables)
SUCU => Assign the tables to that ZXXX
PFCG => created a new role and give the below values in the authorization object
S_TABU_DIS
ACTVT 02,03
DICBERCLS ZXXX
Regards,
Bharath
06-11-2007 4:00 PM
Although technically all solutions provided are possible, one should ask why direct table maintenance is needed.
In general one SHOULD NOT do it this way, but look for a way of providing SAP info through a transaction.
We have never found a situation were it is really needed.Normally the request only comes out of lazy peopel!!!
So always ask for a Good explanation including approval on high level in the business.
Be ware that the ONLY secure solution is by creating a custom transaction. Limitation on S_TABU_DIS is normally leaking because of values in other roles the same user has!
06-11-2007 4:01 PM
06-11-2007 4:30 PM
06-11-2007 6:28 PM
06-12-2007 2:16 PM
06-12-2007 3:37 PM
Hi,
Just try adding authorization group using transcation SE54.If this also doesnot works, please go a head as ruchit said above with the creation of the transaction codes for all these tables and this is also the best possible way as lot of tables may share the same authorization group. If you want to create transaction code for table maintenance, Go through the below link
http://www.sapdevelopment.co.uk/tips/tips_tabmaint_tcode.htm
Regards,
Bharath