Question:
Hi Gurus
I have basic need to restrict the tables except tables strating T* and need to create a role for assigning to the user.
Thanks in advance
Reddy
Answer:
You cannot authorise on table names directly, only on table groups. Authorisation object S_TABU_DIS is used for that, where you indicate the table group for which the user is authorised.
Using table TDDAT you can determine for each table to which group they belong. So you should investigate to which groups the T* tables belong and exclude this group in the S_TABU_DIS authorisation.
Answer:
Hi
Its great idea wht you have given..I tried bfore same ...
If we do like wht you said....we are getting access to the more tables also
b'coz
suppose AuthGroup SC is having table names starting with T* anf other also like K* etc..
2)I tried to create new authGroup and tried to assign all the tables starting with T*..when I am doing this the standard defined AuthGropus for tables are changing is it going to effect any further ..
Pl needs Your guidance regarding this.
Thanks
Srinivas.T
Answer:
I do not know for sure but I do not think it will cause problems if you reassign the authorisation group of the T* tables.
You should however take into a account that you will have to change the roles of the (batch)users who DO need to have authorisation to the T* tables, if applicable.
You could test on a prototyping system in your system landscape to know for sure.
Answer:
You can randomly change auth group values on table you just have to accept the consequences. There are many SAP utilities that use the auth group to validate access so changing these can effect user's acess to that functionality.
The curious question is why are "T" tables considered safe and others are not? There are just as many "T" tables that should be kept from general access as "non-T" tables.
What is the base requirement you are trying to acheive? there may be an alternative.