SE16 Table Authorization For Z* Tables Only.

Former Member · ‎11-19-2007

Hi ALL,

I Wanted to give access to my users to SE16 but, i want them to access on the Z* Tables. Please let me know, what chnages to be done in profile.

Please explain in steps.

Thanks.

former_member759680 · ‎11-20-2007

1. Find out the Authorization Groups of all the Z* Tables (You can use SE11 for this)

2. Go to Tx PFCG and change the Role that is assigned to the Users.

3. Go to Authorizations tab and find Object S_TABU_DIS

4. Add the Authorization Groups obtained in Step 1. above to the Field that says 'Authorization Group'

5. Add the Activity as per your requirement (02- edit, 03 - Display)

Viola!

Former Member · ‎11-20-2007

Hi,

I strongly advice you never to give se16 to endusers, also if you restrict them. If there is an interaction between tables you never see the information that you should. take care of object s_develop, if there is an update actvt in that from an other role you have more then display in se16.

have fun.

Jan van Roest

Former Member · ‎11-20-2007

I agree with Jan van that you should not give access to SE16. I would rather create custom transaction codes in SE93 for individual tables and give access to these t.codes.

Former Member · ‎11-21-2007

You can check table TDDAT to find the authorization groups related to the Z-tables. Note that if a table is not maintained here it is automatically assigned group &NC&.

if you want to allow a user access to only some Z-tables then the procedure would be -

1. create a new auth group for S_TABU_DIS via SE54.

2. modify table TDDAT to associate the required Z-tables to the Z-auth group.

3. create a new role with SE16 and the object S_TABU_DIS and only add the new Z-auth group in field DICBERCLS.

4. assign the role to the concerned user.

I agree with Jan that SE16 and also SM30/SM31 access should not be allowed for end users. Instead Z-transactions should be created for specific tables to allow display/change access. As these transaction would be generally be variants of SM30/SE16, I would still advice creation of new authorization groups for the required tables so as to avoid accidental access being given to users.

Regards,

Sanju.

jmanchester · ‎06-21-2013

Great tip regarding &NC&!

Jeremiah

Former Member · ‎12-26-2007

Hi,

You may try below steps :

ACTIVITY : 03,16

PACKAGE : Z*

OBJECT NAME : Z*

OBJECT TYPE : TABL (imp)

Authorization group ABAP/4 program : *

As recommended by previous postings in this , this auth not at all recommended in Production environment.

Rgds,

Gadde.

Former Member · ‎12-26-2007

Hi Irfan,

SE16 is not suggested to endusers

instead you can use SE17 to display tables

for your Z* tables you can create authorization Group from SE54 or SE56 and assign those groups in S_TABU_DIS

so that we can restrict from seeing other tables

object S_TABU_DIS

Activity 03

Authorization Group Z*

hope this will help you

Thanks,

kishore

Former Member · ‎12-28-2007

U r right KK.

I strongly recommend even not to give Z* also....i always ask user for clarification b'fore giving it..if the reason sounds good,then immediately u have to ask which table or program wants to execute/display(?).....after providing auth for SE16 ,request user to send few SU53 screen shot....so he cannot go beyond that.....

i followed above steps too....so S_DEVELOP & S_TABU_DIS plays very important roles......

Rgds,

Gadde

Former Member · ‎06-23-2013

It is strongly recommended that SE16 access is not given to all users.

You can use the object S_TABU_NAM to restict the access to only z* tables