Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Table Maintenance

Former Member

‎06-11-2007 2:17 PM

0 Kudos

Is there a way to provide users with Table Maintenance (SM30) to specific tables and not all?

Any input would be greatly appreciated.

Thanks

9 REPLIES 9

Former Member

‎06-11-2007 2:30 PM

0 Kudos

Hello Maritza,

This can be done through authorization object S_TABU_DIS. In this object there is a field for authorization group.

You can assign an authorization group to those tables and then assign the value of the authorization group to the authorization object along with activity 02 and 03.

Regards.

Ruchit.

Former Member
In response to Former Member

‎06-11-2007 2:32 PM

0 Kudos

One more way is to create transaction codes for all these tables and then assign authorizations for these transactions. Of course this will also involve s_tabu_dis and to make this work you need to remove SM30 access and just give t-code access.

This is because a lot of tables may share the same authorization group and giving direct access to the authorization group through SM30 will mean access for all the tables. However with transaction codes you can avert this issue because the initial check with be for transaction code.

Regards.

Ruchit.

Former Member

‎06-11-2007 2:31 PM

0 Kudos

Hi,

You can provide user with table maintenance(SM30) to specific tables using authorization object S_TABU_DIS. Group the similar tables under one auhthorization group and give that authorization group in the field name DICBERCLS under the authoriztion object S_TABU_DIS.

SE54 => created a new Authorizathion group called: ZXXx (access to specific tables)

SUCU => Assign the tables to that ZXXX

PFCG => created a new role and give the below values in the authorization object

S_TABU_DIS

ACTVT 02,03

DICBERCLS ZXXX

Regards,

Bharath

Former Member
In response to Former Member

‎06-11-2007 4:00 PM

0 Kudos

Although technically all solutions provided are possible, one should ask why direct table maintenance is needed.

In general one SHOULD NOT do it this way, but look for a way of providing SAP info through a transaction.

We have never found a situation were it is really needed.Normally the request only comes out of lazy peopel!!!

So always ask for a Good explanation including approval on high level in the business.

Be ware that the ONLY secure solution is by creating a custom transaction. Limitation on S_TABU_DIS is normally leaking because of values in other roles the same user has!

Former Member
In response to Former Member

‎06-11-2007 4:01 PM

0 Kudos

SUCU gives me Table/view v_ddat is not in the Dictionary?

Former Member
In response to Former Member

‎06-11-2007 4:30 PM

0 Kudos

Hello Maritza,

What is your SAP release ?

regards.

Ruchit.

Former Member
In response to Former Member

‎06-11-2007 6:28 PM

0 Kudos

Hi Ruchit,

Release 7.

Thanks,

Maritza

Former Member
In response to Former Member

‎06-12-2007 2:16 PM

0 Kudos

Am I doomed ?

Former Member
In response to Former Member

‎06-12-2007 3:37 PM

0 Kudos

Hi,

Just try adding authorization group using transcation SE54.If this also doesnot works, please go a head as ruchit said above with the creation of the transaction codes for all these tables and this is also the best possible way as lot of tables may share the same authorization group. If you want to create transaction code for table maintenance, Go through the below link

http://www.sapdevelopment.co.uk/tips/tips_tabmaint_tcode.htm

Regards,

Bharath