protecting sm30

Question: I know there have been many discussions about protecting sm30. But can I specifically confirm with you guys:

1. For client-dependent tables, the best option is assigning authorisation groups to tables.

2. For client-independent tables, would the best practice be creating a new transaction code for the sm30 maintenance function of a table?
No? -- then what is it?
Yes? -- then we need to give s_tabu_cli "X"; do we need to give 02 to s_tabu_dis as well? So the only protection behind is s_tcode, since we have given s_tabu_cli value X.

Thank you.

Answer:
Client independent tables also have authorization groups.

Answer:
Client-independent tables do have authorization groups, or at least the opportunity to add them (look at table T000, auth group SS). ALL tables are controlled with S_TABU_DIS, and if it is a client-independent table you also need S_TABU_CLI. Yes, once you give S_TABU_CLI you have access to all client-independent tables in the auth groups you have access to in S_TABU_DIS. This is why SAP allows you to change the auth group in tables using SUCU or SE54.
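
The check described in the answer above can be modelled to list which client-independent tables a role can actually change, and to show what moving a table into its own authorization group does to that list. This is an added example, not code from the thread or from SAP; every table name except T000, the group ZCFG and the role contents are constructed, and the model covers only change access (ACTVT 02) through S_TABU_DIS and S_TABU_CLI.

```python
# Added illustration: simplified model of the table-maintenance authorization check.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Table:
    name: str
    auth_group: str     # authorization group assigned to the table
    cross_client: bool  # True for a client-independent table

@dataclass(frozen=True)
class Role:
    tabu_dis: tuple         # (DICBERCLS, ACTVT) pairs granted in S_TABU_DIS
    tabu_cli: bool = False  # True when S_TABU_CLI has CLIIDMAINT = 'X'

def _covers(granted, wanted):
    return granted == "*" or granted == wanted

def can_change(role, table):
    """S_TABU_DIS is always checked; S_TABU_CLI is also needed if cross-client."""
    group_ok = any(_covers(g, table.auth_group) and _covers(a, "02")
                   for g, a in role.tabu_dis)
    return group_ok and (role.tabu_cli or not table.cross_client)

def cross_client_exposure(role, catalogue):
    """Client-independent tables the role can change: the list to review."""
    return sorted(t.name for t in catalogue
                  if t.cross_client and can_change(role, t))

def regroup(catalogue, name, new_group):
    """Return a catalogue with one table moved to another authorization group."""
    return [replace(t, auth_group=new_group) if t.name == name else t
            for t in catalogue]

# Constructed catalogue. Only T000 with group SS comes from the answer above.
CATALOGUE = [
    Table("T000", "SS", True),
    Table("ZX_CONFIG", "SS", True),    # hypothetical table the role is meant for
    Table("ZX_OTHER", "ZFIN", True),   # hypothetical
    Table("ZC_LOCAL", "ZFIN", False),  # hypothetical client-dependent table
]

# Role intended only for ZX_CONFIG, but its group SS is shared with T000.
ROLE = Role(tabu_dis=(("SS", "02"),), tabu_cli=True)

if __name__ == "__main__":
    print(cross_client_exposure(ROLE, CATALOGUE))        # shared group SS
    narrowed = regroup(CATALOGUE, "ZX_CONFIG", "ZCFG")   # ZCFG is hypothetical
    print(cross_client_exposure(Role((("ZCFG", "02"),), True), narrowed))
```
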
Copyright © 2007 - 2008 www.jt77.com