11-05-2007 9:34 AM
Hello,
Our problem is that many users can access the client settings.
One way of restricting it is to remove access to transactions SCC4, SE03, SM30.
The other way is to restrict the users from object S_TABU_DIS and table group SS.
The problem is that many users run sm30 in D and the table group SS contains a lot of SD tables for example so it cannot be removed.
Is there an another way of restricting this without changing the standard? ( SE11 is no good either)
Best regards
Vincent
11-05-2007 11:12 AM
Hello,
Why not create a custom Authorization Group and re-assign these Tables in question, to the new Authorization Group, and the limit access to this new Authorization group.
chumy.
11-05-2007 11:12 AM
Hello,
Why not create a custom Authorization Group and re-assign these Tables in question, to the new Authorization Group, and the limit access to this new Authorization group.
chumy.
11-05-2007 3:28 PM
Hi,
What about new release etc. What you can do is to solve this with a special user and a procedure. When someone need this transaction use the special user and you can monitor the activities. If you have SAP GRC (VIRSA) than you can use a firefighter, Virsa takes care of the monitoring.
Have fun
Bye
Jan van Roest
11-05-2007 3:26 PM
Hi Sony,
You can restrict access to SCC4, SE16, SM30 by limiting the access via the authorization objects S_TABU_DIS and S_TABU_CLI.
The client-independent tables are secured by authorization object S_TABU_CLI and the client-dependent tables are secured by S_TABU_DIS.
Additionally you can create authorization groups for the specific tables you would like to secure in SE54.The assignments of the tables to authorization groups is stored intable TDDAT. You can restrict the user to a specific table by giving access for display only in S_TABU_DIS and S_TABU_CLI.
Hope this helps.
Regards,
Kiran.