But my question is, created authorization group is not seen through the S_TABU_DIS object.Even tried saving the authorzation group manually to the field values of S_TABU_DIS,but its not saving?.Instead it can be pulled through TDDAT.

Hey John,

In one of my SAP systems, it does not show any of the authorization group values using F4 in autho object. But there are many in TDDAT.

I usually enter the Autho Grp value manually in the DICBERCLS field.. which it happily accepts !!

Regards,

Sachin

>

>Even tried saving the authorzation group manually to the field values of S_TABU_DIS,but its not saving?.Instead it can be pulled through TDDAT.

That is strange behaviour, what version of SAP are you working on?

Can you maintain that custom auth object against S_TABU_DIS in table TBRG? This may let you pick it from the list, but that still doesn't explain why you are having problems entering it into what should be a maintainable field in PFCG. Does S_TABU_DIS work like this in all roles or just the one you are maintaining?

Hey,

SAP version ECC 6.0,I cant able to see throough TBRG.In TBRG,for corresponding s_tabu_dis,there is no custom authorization group which I created .But I can see through TDDAT,corrsponding custom authorization group and the custom table.

TDDAT will show you the auth group you assigned to the table.

If you want it to appear as a pick list when you do F4 in the DICBERCLES field in S_TABU_DIS then you need to maintain it in TBRG. The two are not dynamically linked. I am, however, more concerned that you are unable to update the field directly in PFCG with free text (4 chars). Does this happen in all roles?

No,the problem is only for the custom authorization group.How to connect the custom auth.group to the table TBRG?..Thank you so much for your replies.

You can create the auth group in transaction SE54.

You can assign these to tables in SE54 or SUCU.

In higher releases, the view of transaction SUCU is by default not in the system.

Cheers,

Julius

>

> No,the problem is only for the custom authorization group.How to connect the custom auth.group to the table TBRG?..Thank you so much for your replies.

So are you telling me that:

1. You can type in standard auth groups into field DICBERCLES via PFCG

2. SAP will not let you type in custom ones

3. You can only type in those which are linked to S_TABU_DIS in TBRG

Considering that field DICBERCLES is a 4 char free text field in every instance I have seen (up to ECC6) then there sounds like there is something wrong here!

It might be that SAP is validating the entry. In the case of SAP delivered auth groups, they are defined, so the free text entry is also okay.

The custom entry, not prior defined as a valid auth group to assign to either via free text or F4, fails.

?

Cheers,

Julius

>

> It might be that SAP is validating the entry. In the case of SAP delivered auth groups, they are defined, so the free text entry is also okay.

>

> The custom entry, not prior defined as a valid auth group to assign to either via free text or F4, fails.

>

> ?

>

> Cheers,

> Julius

That's what I'm thinking, can't say that I've seen it do that in any system I've used and nothing on OSS that I can find that says there is a switch for this field to validate entries against any other table.

Hi Alex,

I have not tried to assign auth groups to tables which did not exist.

As some say, the best test is a negative test, so I will try, and see what happens...

@ John Lewis: Which release & SP level are you on (approximately)?

Cheers,

Julius

>

> Hi Alex,

>

> I have not tried to assign auth groups to tables which did not exist.

>

> As some say, the best test is a negative test, so I will try, and see what happens...

Hi Julius,

I hope to be able to save your R&D time, no use in trying to assign auth groups to non-existent tables.

In my ECC6 I can confirm I entered a random string in dicbercls of Z&&1 and F$$$ and they went in like any other free text field. Those text strings aren't used for anything in the vanilla sandbox I did it in.

Cheers

Alex

Hi Alex,

What I meant was assign an existing table to a non-existing auth-group.

Yes, you are correct. This does work.

Only other thing I can think of is the permitted values for S_TABU_DIS field DICBERCLS have been restricted to a given set of fixed values via authorization object S_USER_VAL.

@ John Lewis: Do you have specific set values in your own authorizations for object S_USER_VAL:

OBJECT: S_TABU_DIS

AUTH_FIELD: DICBERLCLS

AUTH_VALUE: ?????

Cheers,

Julius

Edited by: Julius Bussche on Feb 5, 2008 12:56 PM