- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- restricting table
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
restricting table
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 6:14 AM
Hi,
How to restrict the particular user for a particular table.For example user A is there he want to see only the table "VBAK" like that we have to restrict particular user.
Thanku
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 6:17 AM
Each table has an authorisation group (see transaction SE54), you would assign the users role with auth object S_TABU_DIS and specify the authorisation group to restrict them to those tables under that auth group.
problem with this is that there could be a variety of tables under an auth group.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 6:25 AM
in that case you can create a new group and assing the table to that group.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 10:35 AM
through se54 created new auth group.Then how to assign the auth group.can any one pleas give me step by step.
Thanku
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 11:02 AM
If you don't know how to do this or are not willing to do your own research then you should speak to your ABAP development team and get them to show you or do it for you.
If you use the search then there are plenty of step by step guides
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2007 2:54 AM
Hi chinnu,
SE54 => created a new Authorizathion group called: ZXXX
SUCU => Assign the Z table that you have created to the newly created authorization group ZXXX
____________________________________________________________________
SE54 => created a new Authorizathion group called: Z000 (access to specific tables)
- SUCU => Assigned the new table to that Z000
- PFCG => New role dedicated especially to this end-user with :
Table Maintenance (via standard tools such as SM30) = S_TABU_DIS
ACTVT 02,03
DICBERCLS Z000
__________________________________________________________________________________________________________________
You will likely be creating a new authorization group if you are restricting access from everyone. Also you don't specify the table name in the auth object (S_TABU_DIS), within the role, only the authorization group (4 characters) for which you have assigned to the table in transaction SE54.
High level overview:
1. Go to SE54 and create new auth group.
2. Assign table to auth group using SE54.
3. Add S_TABU_DIS with the auth group to roles.
4. Remove S_TABU_DIS specific auth group access from roles
cheers!
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 11:00 AM
If you want this level of control then get your abap team to create a transaction which is linked to a view of that particular table. You will also want to put the other restrictions in place as described by Nathan & Auke
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 12:47 PM
Another option is to create a parameter transaction for tcode SE16 or SM30. Input the table VBAK and skip the initial screen - this will give access to only that table and not others in the same table auth group. Note you will still need access to the table auth group via auth object S_TABU_DIS.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 7:00 PM
hi,
There a few options available depending on the type of solution you are looking for.
1) You can use the transaction SE54 to assign the Z tables to a authorization group and give access to the Authorization group through S_TABU_DIS.
and depending on the way you are trying to access the table might require SE16(not mandatory always).
The problem with this is once u have access to the S_TABU_DIS all the the tables which are not assigned to any auth grp are given access.
2) Second approach is to create custom Tcodes (Transaction with Parameters)
for SE16 (if you are creating this for SE16) and give S_TABU_DIS with the Authorization group.
The advantage is that the end user will not have access to Se16 so will not able to see other tables which dont have a authorization group
If you want to create the scenario for editing then do the same but with SM30 Tcode but the mae suew that it has a maintainance interface from SM30
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2007 7:35 PM
VBAK is not a Z table, but <i>might</i> have a Z auth group on it.
You should do this (also creating the transaction, and adding it to the role) in a development system. For this you do not have to be a developer nor have a developer key, but it is wise to ask one to help you, sometimes.
In a development system, you can create the V_TDDAT view for assigning the auth groups to the tables via transaction SUCU.
When SE16 finds the auth group field of a table empty, then it gives a <i>symbolic</i> auth group to the table named '&NC&'. So if the auth group is empty, then the authority-check on object S_TABU_DIS is not surpressed.
- SAP Managed Tags:
- Security
