Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommendation: Lock transaction SE16 by changing the system settings.

Former Member

‎02-22-2008 3:39 AM

0 Kudos

Below is SAP Early Watch Recommendation.

Access on RFBLG - Cluster for Accounting Document

Program Data: Select * from BSEG - SAP Table

SQL Statement from data browser

This statement comes from transaction SE16 (data browser). It is not recommended that you allow users to access this transaction in the production environment.

Recommendation: Lock transaction SE16 by changing the system settings.

My questions:

1. How can we restrict with out Locking Se16 in PROD.

2. what system changes can we do?

3. How is table linked to Clsuter

4. Can we Lock the table or Cluster

5. Anything linked to Authorization Group

6. I don't have authorization in PROD & tried to get the table from SE11 & SE16.Its showing Authorization Missing - S_TABU_DIS with Activity 03 & SS.

Please let me know

Thanks,

Vijay

3 REPLIES 3

Former Member

‎02-22-2008 5:21 AM

0 Kudos

Yes, it is true, do not give access of se16 to end users in production system. This will be objected by Auditors also.

1. How can we restrict with out Locking Se16 in PROD?

A. Remove authorization of se16 from the roles of users.

2. what system changes can we do?

A. Change it through authoprization control.

3. How is table linked to Clsuter

4. Can we Lock the table or Cluster

A. Cluster is the internal functional/transactional concept in this scenario.

5. Anything linked to Authorization Group

A. No.

6. I don't have authorization in PROD & tried to get the table from SE11 & SE16.Its showing Authorization Missing - S_TABU_DIS with Activity 03 & SS.

A. If you are a system admin, upto an extent (display) you can the authorization.

Thanks,

- gaurav

Former Member

‎02-22-2008 6:27 AM

0 Kudos

Simply make sure that in NON of the roles the s_tcode SE16 is given or a range that would allow for SE16.

Locking is not best practice for this TRX

Former Member

‎02-22-2008 6:45 AM

0 Kudos

Hi Vijay,

I also would like to share some info...

We too received EWA last month.As mentioned by earlier,pls block SE16 in PROD.Even in some cases if u want to give SE16 to any user,then restrict in authorization group(S_TABU_DIS).Pls do not given * access in authorization group(same was pointed out in our EWA and we removed * ) .Provide table access on need basis only.

Rgds,

Gadde.