topic Re: Authorisation Groups in Application Development and Automation Discussions

Authorisation Groups

Former Member — Thu, 24 Mar 2011 12:15:38 GMT

SAP 4.7 6.20 - Windows Server 2008 - Oracle 10g

During the implementation of projects, I had to create some development classes for the abappers to register their programs according to the modules...MM, SD, PP, etc...

Now I was surprised about a new term : Authorisation Groups

I should create an authorisation group for a new project.

I was reading some websites and it seems I should use the "Generate table maintenance dialog maintenance transaction".

How do I find this SAP transaction ? I don't find how to start it...

Thanks in advance,

Everson

Re: Authorisation Groups

Former Member — Thu, 24 Mar 2011 13:07:54 GMT

PLease run a query or search in SDN.. there is set of links availble.. that will help you..

It may be there in memorable FAQS or the link over there...

Thanks,

PKP

Re: Authorisation Groups

Former Member — Thu, 24 Mar 2011 14:03:50 GMT

if you need to generate table maintainance, you need to do it through SE80/SE11. It only requires a Authorization group(created through SE54).

your question is not clear. Please specify your exact requirement.

Re: Authorisation Groups

Former Member — Thu, 24 Mar 2011 21:55:00 GMT

The most important thing to remember about "authorization groups" is that they are optional.

You need to set the BEGRU in the master record for the BEGRU related auth objects to become effective.

Not all applications consistently used BEGRU fields.

Actually the whole thing is an optional pest and sometimes not respected in standard reporting anyway, so it is of little use for display access and a crow's nest to define a concept with a 4 character field for multi-dimentional access (like a BW can).

Direct table access from the application layer is an exception here - tables without an "authorization group" are symbolically "&NC&" and therefore not optional, as they are "not classified".

Tough call.... see --> "S_TABU_NAM" as search term (there is a central FAQ OSS note on it as well) which eases this pain to some extent.

Cheers,

Julius

Re: Authorisation Groups

Former Member — Wed, 30 Mar 2011 12:29:49 GMT

Hi,

By using authorization groups we can restrict the authorizations at table level.

Here is the procedure to create and maintain Authorization groups.

--> Table TBRG: Here you can able to create new authorization group and If this requirement is for client specific then maintain under Authorization object S_TABU_DIS. If not maintain under auth object S_TABU_CLI.

--> Table TDDAT: Here you get the list of tables and just associat the new auth group to table which you want to restrct it.

--> Maintain this new auth group in the role against the Auth Object S_TABU_DIS or S_TABU_CLI.

Hence we can able to restrict the user from certain tables.

Thanks,

Siva Shankar

Re: Authorisation Groups

Former Member — Thu, 31 Mar 2011 15:52:53 GMT

Hello Siva,

Very interesting your answer because now I have an idea about the objects used in this procedure.

Let me know something...

What transaction do you use to create the authorisation groups in TBRG and TDDAT ? SE54 ?

It seems that you include the lines directly in the tables...

Re: Authorisation Groups

Former Member — Thu, 31 Mar 2011 15:57:57 GMT

Dear ED,

You can see my thread, though its not compltely answered; you can get some idea on your requirements