Question:
Look at transaction code OB52 as an example of a tcode that is table specific.
However you do not need table specific transaction codes if you use the security SAP provides.
Thre is nothing wrong with giving SE16 or SM30 in production as long as you controll access to the tables appropriately.
Every table should have an authorization group on the table ( maintianed in SUCU or SE54). This allows you to group tables together to allow access to these table by specific roles.
One of the misconceptions of the auditors is that SM30 should not be given in prodiction. this is no true! Only production tables can be maintained in a production system so the vast majority of thbles cannot be maintained because of the system setting. Further those tables that can be maintianed are controlled with S_TABU_DIS. It can be read or Write .
_________________
John A. Jarboe
Answer:
replace SE16 with SE16N. At least SE16N logs all changes.
John is right, restrict SM30 via S_TABU_DIS to tables of specific groups. Some tables can only be maintained in production (e. g. V_T462A).
_________________
rgds
fish
Answer:
Hi,
Thanks John & Fish for your replies.
Just one query left. Can we maintain S_TABU_DIS through SU24 for the authorization of Change, Create & Display.
Also Fish can you please tell me how can we restrict SM30 via S_TABU_DIS for a specific group tables.
Thanks
Akash
Answer:
Hi,
Thanks John & Fish.
I have found the solution and steps for restricting SM30 and SE16.
Thanks again.
Akash