topic Re: security design in Application Development and Automation Discussions

security design

Former Member — Mon, 08 Jan 2007 05:33:45 GMT

Hi Gurus,

how to implement security for tables.i e we have to restrict table access.

Thanks

Regards

Re: security design

Former Member — Mon, 08 Jan 2007 06:33:19 GMT

here is the extract from a popular site.. go thru this ..

Critical and custom SAP R/3 tables are restricted.

Execute transaction SUIM

Authorization Object: S_TCODE

Transaction Code: SM31 (enhanced tables maintenance)

Authorization object: S_TABU_DIS

Activity: 02 AND 03

Risk: The risk here is that users who have this access, have the ability to maintain table data directly in the production system. This includes transactional, masterfile, security and configuration data.

Execute transaction SUIM

Authorization Object: S_TCODE

Transaction Code: SM31

Authorization object: S_TABU_DIS

Activity: 02 AND 03

Authorization Object: S_TABU_CLI

Identify if custom transactions have references to authorization objects.

Execute transaction code: SE16

Table name: TSTCA / TSTC

TCODE: Z*

Check table TSTCA and verified that no Z transactions existed. Verified in table TSTC that the majority were secured by Authorization objects. Since all transactions are secured by S_Tcode this control is still effective.

hope this will help you.

with br,

Rajesh .

<i>award suitable points</i>

Re: security design

Former Member — Mon, 08 Jan 2007 15:09:22 GMT

Hi,

Identify the roles (using T-Code SUIM) which has T-code SM31 and object values (02 or 03).

Identify users (SUIM) who all been assinged the above roles.

Either modify the role as per the requirement.

Remove the authorization (Role for that particular user)

Cheers

Soma

Message was edited by:

soma pradeep

Re: security design

Former Member — Wed, 07 Mar 2007 18:55:58 GMT

Hi,

Do in this way. First you should know which object need to protect table. Here is the object need to protect table

S_TABU_DIS

Then create ztransaction as custom transaction or parameter transaction of SE16

Ex: To protect table Mara we we need customized transaction as follows

Go to SE93 and click Create button add this values

ZMara_SE16

Transaction SE16 as taking properties to this customized transaction

Assign the object S_TABU_DIS

Go SE54 and create table authorization Group such as "Demotable"

In Se54 Tcode just click create authorization group it willl go to list of table authozn groups and u will see screen with button "New entry".

So click to New Entry enter your named authn group for table different companies have different naming convention ex. sat

next SAVE it and now you created Authn group

Next you need to assign this group to set of table.

So go to Se16 table enter TDDAT. you will see view of tables and Authn group.

Next click to create button

enter authn group and enter the table one by one

Example: Table "MARA" Authn Group "sat"

Then SAVE it

Assign the t_code to role where user can only access to defined table

So Inthis way you have protected table. Hope you got the right answer.