This website is not affiliated with, sponsored by, or approved by SAP AG.
10 posts • Page 1 of 1
The authorization object is S_TABU_DIS and the transaction is SM30 or SM31. First check the table to see what authorization group has been assigned (SE55). When creating the authorization for S_TABU_DIS, use this group and the activity code (03 = display only), (02 = change), (01 = add) that is appropriate. REMEMBER - this will give the user authorization to EVERY table in the authorization group. There is no way to restrict it to just one table unless you change the authorization groups.
You either give the user SM30 or SM31 or create a new "Z" parameter transaction that will run SM30 for a specific table only. I'm not sure what you mean by a restricted table. Do you mean an IMG/config table? Let me know what table you want your users to see and what level (display/update) of authority you want them to have.
Use Transaction SE93 to create your own t-code. Give them access to SE16 with the parameter of the table-name - make sure you select "skip initial screen". This way they can view just thr table specified.
Alternatively, you could create a query, (if on 4.6), rather than give access to se16.
You could then give them access to transaction SQ01, (query).
When you create the user group, you assign the users as required, and also whether they can display only, or display/change the query.
The problem with Query is if not structured correclyt there is no authority check on accessing the table and assigning a user to ONE user group in SAP QUERY gives them access to ALL queries.
The best solution is to either create a parameterized tocde executing SM30 directed to the table ( see tcode OB52), which you will still need to give S_TABU_DIS to the user.
There is nothing wrong with assigning SM30, SM31 or SE16 to users as long as you give display access to the table. you can change the auth group to the table using SUCU or SE54. Most all critical tables using SM30 are "lockled " in production be the client setting so evel if you slip up and give Change the table is protected by the System Setting.
SAP defaults SM30 to read if you do not have change access to the table. SM30 does NOT require change access to get to the table if the table has been generated to be viewed or changed in SM30.
10 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests