The SAP Fan Club Forums

by **ak4sap** » Mon Oct 21, 2002 12:00 pm

Hi,
What do we do to give a table access to a user?
URGENT!
Thx
AK

by **Julie McAfee** » Mon Oct 21, 2002 1:41 pm

The authorization object is S_TABU_DIS and the transaction is SM30 or SM31. First check the table to see what authorization group has been assigned (SE55). When creating the authorization for S_TABU_DIS, use this group and the activity code (03 = display only), (02 = change), (01 = add) that is appropriate. REMEMBER - this will give the user authorization to EVERY table in the authorization group. There is no way to restrict it to just one table unless you change the authorization groups.

Julie

by **ak4sap** » Mon Oct 21, 2002 1:48 pm

Does that mean that we have to give access to SM30?
And as far as I know, it is a restricted table! Is there a way around that?
AK

by **Julie McAfee** » Mon Oct 21, 2002 3:58 pm

You either give the user SM30 or SM31 or create a new "Z" parameter transaction that will run SM30 for a specific table only. I'm not sure what you mean by a restricted table. Do you mean an IMG/config table? Let me know what table you want your users to see and what level (display/update) of authority you want them to have.

Julie

by **Guest** » Tue Oct 22, 2002 9:45 am

If they just need to display a table, you can give them SE16 instead of SM30 or SM31.

Steve

by **Lyell** » Thu Oct 24, 2002 5:26 pm

Use Transaction SE93 to create your own t-code. Give them access to SE16 with the parameter of the table-name - make sure you select "skip initial screen". This way they can view just thr table specified.

by **JoolsG** » Tue Oct 29, 2002 4:51 am

Hi,

Alternatively, you could create a query, (if on 4.6), rather than give access to se16.
You could then give them access to transaction SQ01, (query).
When you create the user group, you assign the users as required, and also whether they can display only, or display/change the query.

Thanks

J

by **John A. Jarboe** » Tue Oct 29, 2002 11:02 am

The problem with Query is if not structured correclyt there is no authority check on accessing the table and assigning a user to ONE user group in SAP QUERY gives them access to ALL queries.
The best solution is to either create a parameterized tocde executing SM30 directed to the table ( see tcode OB52), which you will still need to give S_TABU_DIS to the user.

There is nothing wrong with assigning SM30, SM31 or SE16 to users as long as you give display access to the table. you can change the auth group to the table using SUCU or SE54. Most all critical tables using SM30 are "lockled " in production be the client setting so evel if you slip up and give Change the table is protected by the System Setting.

by **pdfernandez** » Fri Nov 08, 2002 7:28 pm

Hi AK,
You should do what Lyell said...but don't forget the correct values for S_TABU_DIS.
Don't use SM30 to read tables. Many transactions need S_TABU_DIS with ACTVT 02...and, if the user has SM30....it may be dangerous.

Regards.

Pablo

by **John A. Jarboe** » Mon Nov 11, 2002 11:57 am

SAP defaults SM30 to read if you do not have change access to the table. SM30 does NOT require change access to get to the table if the table has been generated to be viewed or changed in SM30.

The SAP Fan Club Forums

Table Access

Table Access

Does that mean

Who is online