02-22-2008 3:39 AM
Below is the SAP Early Watch recommendation.
Access on RFBLG - Cluster for Accounting Document
Program Data: Select * from BSEG - SAP Table
SQL Statement from data browser
This statement comes from transaction SE16 (data browser). It is not recommended that you allow users to access this transaction in the production environment.
Recommendation: Lock transaction SE16 by changing the system settings.
My questions:
1. How can we restrict without locking SE16 in PROD?
2. What system changes can we do?
3. How is the table linked to the cluster?
4. Can we lock the table or cluster?
5. Anything linked to Authorization Group?
6. I don't have authorization in PROD & tried to get the table from SE11 & SE16. It's showing Authorization Missing - S_TABU_DIS with Activity 03 & SS.
Please let me know
Thanks,
Vijay
02-22-2008 5:21 AM
Yes, it is true, do not give access to SE16 to end users in the production system. This will be objected to by auditors also.
1. How can we restrict without locking SE16 in PROD?
A. Remove authorization of SE16 from the roles of users.
2. What system changes can we do?
A. Change it through authorization control.
3. How is the table linked to the cluster?
4. Can we lock the table or cluster?
A. Cluster is the internal functional/transactional concept in this scenario.
5. Anything linked to Authorization Group?
A. No.
6. I don't have authorization in PROD & tried to get the table from SE11 & SE16. It's showing Authorization Missing - S_TABU_DIS with Activity 03 & SS.
A. If you are a system admin, up to an extent (display) you can the authorization.
Thanks,
- gaurav
02-22-2008 6:27 AM
Simply make sure that in NONE of the roles the S_TCODE SE16 is given, or a range that would allow for SE16.
Locking is not best practice for this TRX.
02-22-2008 6:45 AM
Hi Vijay,
I also would like to share some info...
We too received an EWA last month. As mentioned earlier, please block SE16 in PROD. Even in some cases, if you want to give SE16 to any user, then restrict it in the authorization group (S_TABU_DIS). Please do not give * access in the authorization group (the same was pointed out in our EWA and we removed *). Provide table access on a need basis only.
Rgds,
Gadde.
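The two checks suggested in the replies above (no role grants SE16 through S_TCODE, directly or through a range, and no role carries * as the S_TABU_DIS authorization group) can be run over an export of role authorization values. This is an added example, not part of the original thread; the row layout is assumed to resemble an AGR_1251 export, and the role names, values and range comparison rule are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample rows: (role, authorization object, field, low, high).
# Role names and values are hypothetical, not taken from the thread.
ROWS = [
    ("Z_FI_CLERK",   "S_TCODE",    "TCD",       "FB03", ""),
    ("Z_FI_CLERK",   "S_TABU_DIS", "DICBERCLS", "ZFIN", ""),
    ("Z_POWER_USER", "S_TCODE",    "TCD",       "SE11", "SE38"),
    ("Z_SUPPORT",    "S_TCODE",    "TCD",       "SE1*", ""),
    ("Z_SUPPORT",    "S_TABU_DIS", "DICBERCLS", "*",    ""),
    ("Z_BASIS",      "S_TCODE",    "TCD",       "SE16", ""),
    ("Z_DISPLAY",    "S_TCODE",    "TCD",       "SE17", "SE93"),
]


def covers(low, high, target):
    """True if a single value, a wildcard or a LOW-HIGH range includes target."""
    if not high:
        # Single value: exact match or '*' wildcard pattern.
        return fnmatchcase(target, low)
    # Assumption: ranges are compared as plain strings; a trailing '*'
    # on either bound opens that bound.
    lo = low.rstrip("*")
    hi = high.rstrip("*") + ("\uffff" if high.endswith("*") else "")
    return lo <= target <= hi


def audit(rows, tcode="SE16"):
    """Return (role, reason) for every row that exposes tcode or all tables."""
    findings = []
    for role, obj, field, low, high in rows:
        if obj == "S_TCODE" and field == "TCD" and covers(low, high, tcode):
            shown = f"{low}-{high}" if high else low
            findings.append((role, f"S_TCODE {shown} allows {tcode}"))
        elif obj == "S_TABU_DIS" and field == "DICBERCLS" and low == "*":
            findings.append((role, "S_TABU_DIS authorization group is *"))
    return findings


if __name__ == "__main__":
    for role, reason in audit(ROWS):
        print(f"{role}: {reason}")
```

The range row for Z_POWER_USER is the case the third reply warns about: SE16 never appears in the role, yet SE11 to SE38 includes it.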