Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SE16 about

Former Member

‎06-05-2008 8:54 AM

0 Kudos

the table can work at background but user doesn't into se16 transaction.how can I do that case ?

9 REPLIES 9

Former Member

‎06-05-2008 9:27 AM

0 Kudos

Don't give the user SE16 or any other table maintenance transaction/function.

To elaborate, access to tables is restricted by S_TABU_DIS. If the code in a particular program invokes an authorisation check when accessing table data then you generally need to satisfy that check with the relevant table auth group. If you also give se16/17 etc then the user will inherit those auths and be able to access tables assigned to the groups you have given previously.

Edited by: Alex Ayers on Jun 5, 2008 10:11 AM

Former Member
In response to Former Member

‎06-05-2008 2:07 PM

0 Kudos

Are there another any solution?

former_member74904
Contributor
In response to Former Member

‎06-05-2008 2:12 PM

0 Kudos

could you be a little more precise in what you're asking. somehow Alex is able to make sense of your question, but I'm afraid I'm not...

Former Member
In response to Former Member

‎06-05-2008 2:19 PM

0 Kudos

What I described is the default behaviour of SAP. If you give anyone access to display or maintain tables via SE16 etc then they will inherit the auths as I described.

If you want users to access table data then the tables should be linked to a transaction and the users given those transactions in their roles.

The alternative is to accept the risk and minimise this by ensuring that users don't have access to all auth groups in S_TABU_DIS

Former Member
In response to Former Member

‎06-05-2008 2:26 PM

0 Kudos

Hi Dimitri,

My understanding is:

User needs to do stuff which requires table auths.

User also needs to view some tables & has been given SE16

Question is that is there any way to prevent the user from seeing tables belonging to the table auth groups which the user needs access to for their general transactional processing.

Former Member
In response to Former Member

‎06-05-2008 2:47 PM

0 Kudos

My interpretation is slightly different: User should be able to access / update tables in background, without needing to have tcode SE16. So a report is sought.

Former Member
In response to Former Member

‎06-05-2008 2:49 PM

0 Kudos

Hi all

solution is: create a parameter transaction , this is the best way to limit the user to a certain table without a backdoor as when you restict on S_TABU_DIS

Former Member
In response to Former Member

‎06-05-2008 3:02 PM

0 Kudos

> 

> Hi all
> 
> solution is: create a parameter transaction , this is the best way to limit the user to a certain table without a backdoor as when you restict on S_TABU_DIS

I agree........assuming my interpretation is right & Julius' is wrong

Former Member

‎06-05-2008 3:34 PM

0 Kudos

Hi Gulsah

My assumption is User has access to process the Table in Background using batch jobs, but he cannot access it through SE16 transaction..

Right?

refer to the following link

http://help.sap.com/saphelp_nw70/helpdata/en/cf/21eb6e446011d189700000e8322d00/content.htm

"choose an entry from the dropdown box for the Data Browser/Table View Maintenance field. Choose Table maintenance allowed on this tab page if users with the corresponding authorization may change the data in the table using the Data Browser (Transaction SE16). For more information refer to the available options in Data Browser/Table View Maintenance."

Hope this helps