11-19-2007 10:25 PM
Hi ALL,
I Wanted to give access to my users to SE16 but, i want them to access on the Z* Tables. Please let me know, what chnages to be done in profile.
Please explain in steps.
Thanks.
11-20-2007 11:40 AM
1. Find out the Authorization Groups of all the Z* Tables (You can use SE11 for this)
2. Go to Tx PFCG and change the Role that is assigned to the Users.
3. Go to Authorizations tab and find Object S_TABU_DIS
4. Add the Authorization Groups obtained in Step 1. above to the Field that says 'Authorization Group'
5. Add the Activity as per your requirement (02- edit, 03 - Display)
Viola!
11-20-2007 3:38 PM
Hi,
I strongly advice you never to give se16 to endusers, also if you restrict them. If there is an interaction between tables you never see the information that you should. take care of object s_develop, if there is an update actvt in that from an other role you have more then display in se16.
have fun.
Jan van Roest
11-20-2007 4:22 PM
I agree with Jan van that you should not give access to SE16. I would rather create custom transaction codes in SE93 for individual tables and give access to these t.codes.
11-21-2007 12:04 PM
You can check table TDDAT to find the authorization groups related to the Z-tables. Note that if a table is not maintained here it is automatically assigned group &NC&.
if you want to allow a user access to only some Z-tables then the procedure would be -
1. create a new auth group for S_TABU_DIS via SE54.
2. modify table TDDAT to associate the required Z-tables to the Z-auth group.
3. create a new role with SE16 and the object S_TABU_DIS and only add the new Z-auth group in field DICBERCLS.
4. assign the role to the concerned user.
I agree with Jan that SE16 and also SM30/SM31 access should not be allowed for end users. Instead Z-transactions should be created for specific tables to allow display/change access. As these transaction would be generally be variants of SM30/SE16, I would still advice creation of new authorization groups for the required tables so as to avoid accidental access being given to users.
Regards,
Sanju.
06-21-2013 9:48 PM
12-26-2007 6:28 AM
Hi,
You may try below steps :
ACTIVITY : 03,16
PACKAGE : Z*
OBJECT NAME : Z*
OBJECT TYPE : TABL (imp)
Authorization group ABAP/4 program : *
As recommended by previous postings in this , this auth not at all recommended in Production environment.
Rgds,
Gadde.
12-26-2007 7:09 AM
Hi Irfan,
SE16 is not suggested to endusers
instead you can use SE17 to display tables
for your Z* tables you can create authorization Group from SE54 or SE56 and assign those groups in S_TABU_DIS
so that we can restrict from seeing other tables
object S_TABU_DIS
Activity 03
Authorization Group Z*
hope this will help you
Thanks,
kishore
12-28-2007 12:24 PM
U r right KK.
I strongly recommend even not to give Z* also....i always ask user for clarification b'fore giving it..if the reason sounds good,then immediately u have to ask which table or program wants to execute/display(?).....after providing auth for SE16 ,request user to send few SU53 screen shot....so he cannot go beyond that.....
i followed above steps too....so S_DEVELOP & S_TABU_DIS plays very important roles......
Rgds,
Gadde
06-23-2013 3:02 PM
It is strongly recommended that SE16 access is not given to all users.
You can use the object S_TABU_NAM to restict the access to only z* tables