Solved: s_tabu_dis

Former Member · ‎09-06-2007

hi

i have to determine which role grant access to S_tabu_dis

and also determine which of the users have access to transaction codes like se16 sm30.

2.for users who have s_tabu_dis in combination with table access transaction,

determine which table the user can access,

points will be rewarded

Former Member · ‎09-06-2007

to determine which role has access to S_tabu_dis

Goto SUIM transaction --> Roles by complex search --> Select "By Authorization Object" & Search(s_tabu_dis)

2) to determine which of the users have access to transaction codes like se16 sm30:

>> Same again, goto SUIM --> User --> Users by Complex Selection Criteria --> Select "By Transaction Authorizations" & Execute.

3) for users who have s_tabu_dis in combination with table access transaction,

determine which table the user can access:

>> Once you identify such users, check their authorizations (roles/profiles assigned) for the S_DEVELOP authorization object where you can see what kind of access (create/change/display...etc) is given for which object types (e.g. TABL means TABLE.....etc).

Here the "Object name" & "package" fields define which tables the user can access ('*' means all tables).

Former Member · ‎09-06-2007

Access to SE16 and SM30 is not best practice. one should ONLY use custom trx for this kind of access.

If you need to know what authorisation group certain table belongs to look in table TDDAT or view V_DDAT.

But be very easy on this, better let the user prove with a su53 report that he needs access to a certain group.

only good use of aforementioned tables can be to investigate what other tables access will be given to when a group is assigned, and use that as an argument not to allow this access. This can be solved by assigning the table to its own group , but even better creating a custom TRX of Se16, resticted to the specific table. Never give direct table update access (Sm30/31). Tell teh SAP consultnat who request such a thing to not come back before the standard TRX to update the data has been found!!! Never trust consultants who claim it can not be done anyway other than via SM30/31, as they should not be working as consultants because of lack of knowlegde of SAP!!!

Former Member · ‎09-06-2007

1) to determine which role has access to S_tabu_dis

>> Goto SUIM transaction --> Roles --> Select "By Authorization Object" & Search

2) to determine which of the users have access to transaction codes like se16 sm30:

>> Same again, goto SUIM --> User --> Users by Complex Selection Criteria --> Select "By Transaction Authorizations" & Execute.

3) for users who have s_tabu_dis in combination with table access transaction,

determine which table the user can access:

>> Once you identify such users, check their authorizations (roles/profiles assigned) for the S_DEVELOP authorization object where you can see what kind of access (create/change/display...etc) is given for which object types (e.g. TABL means TABLE.....etc).

Here the "Object name" & "package" fields define which tables the user can access ('*' means all tables).

Hope this helps

Chaitu

Former Member · ‎09-06-2007

all the needed data can be found in table AGR-1251 (do not trust SUIM to give you all the info). Look for roles with a combination of S_TABU_DIS and SE16/Sm30/31 or a Z TRX that can be a custom TRX (To find out if what kind of custm TRX look into Se93).

But also look into a combination of AG_1251 and AGR_Users to also find users taht have TRX access in one role and S_TABU_IS in Other roles assigned.

Former Member · ‎09-06-2007

To find out which users have the access run your SUIM report with selection criteria of auth object S_TABU_DIS and tcode SE16 and / or SM30. S_TABU_DIS has 2 fields - activity and auth group - activity will tell you whether it is display / change. Auth group is table auth group which tells you what table grouping. You can determine the actual tables in tcode SE54 - select assign auth group. You can then either select a table or auth group.

Former Member · ‎09-06-2007

to determine which role has access to S_tabu_dis

Goto SUIM transaction --> Roles by complex search --> Select "By Authorization Object" & Search(s_tabu_dis)

2) to determine which of the users have access to transaction codes like se16 sm30:

>> Same again, goto SUIM --> User --> Users by Complex Selection Criteria --> Select "By Transaction Authorizations" & Execute.

3) for users who have s_tabu_dis in combination with table access transaction,

determine which table the user can access:

>> Once you identify such users, check their authorizations (roles/profiles assigned) for the S_DEVELOP authorization object where you can see what kind of access (create/change/display...etc) is given for which object types (e.g. TABL means TABLE.....etc).

Here the "Object name" & "package" fields define which tables the user can access ('*' means all tables).

Former Member · ‎09-06-2007

If you just want to find out which users can update table contents, then you only need to check for tcodes SM30/SM31 and auth object S_TABU_DIS - you don't need to check for access to auth object S_DEVELOP

Former Member · ‎09-07-2007

Donno why people copy & paste others' reply !!

Is it just to grab points ?

Former Member · ‎09-21-2007

Sri, please paste into the Text body and not the Subject title if you are going to do this...

Sun shine, I have removed the points given to Sri...

Topic locked...