02-26-2008 9:57 AM
Hi Guys,
I encounter a question recently regarding authorization of SE16 . Could someone kindly help me regarding blocking certain sensitive tables when using SE16. Perhaps provide a link or something.
Its just blocking , say a group of users with a role that has SE16 , accessing certain sensitive tables.
Any guide or advise is very much appreciated .
Thanks guys.
02-26-2008 10:06 AM
02-26-2008 10:06 AM
02-26-2008 2:34 PM
Hi Jurg
Thanks for the tip.
I scan through some of the forum , and manage to find something like this:
"You can check table TDDAT to find the authorization groups related to the Z-tables. Note that if a table is not maintained here it is automatically assigned group &NC&.
if you want to allow a user access to only some Z-tables then the procedure would be -
1. create a new auth group for S_TABU_DIS via SE54.
2. modify table TDDAT to associate the required Z-tables to the Z-auth group.
3. create a new role with SE16 and the object S_TABU_DIS and only add the new Z-auth group in field DICBERCLS.
4. assign the role to the concerned user. "
But what about , say i found auth group , example "SS" , which by default belongs to a table A & B , and a whole lot of other tables. Table A which I allow users to view , but table B I don't. What is the usual practise to separate for this scenario. I was thinking of changing auth group for B , to example ZZ , so that the users are
not authorize to view them. But does this have any impact on anywhere else?
Any help or tips will be greatly appreciated. Thanks.
02-26-2008 2:48 PM
Have you considered not to issue SE16 but to create one or more custom parameter transactions for SE16 with the proper table selected and no selection screen?
See SAPhelp: http://help.sap.com/saphelp_nw2004s/helpdata/EN/43/2c43b427bf601fe10000000a422035/frameset.htm
02-27-2008 1:40 PM
Hi Jurjen
Thanks for the tip. I'll take a look through it , if anyone has any more suggestions , I would appreciate it too. Thanks guys
02-27-2008 3:39 PM
There is a similar - may be of interest to you -post thats is running parallel to yours- the post is titeld -Table Access / protection.
The driving force behind that post is to close out the EWA
Thanks