topic Re: Regarding tables in Application Development and Automation Discussions

Regarding tables

Former Member — Tue, 10 Apr 2007 10:49:06 GMT

Can any one explain me how to give authorizations for table.

Is it possible to give proper authorizations so that only certains users can access

my table.

How can we restrict users to acess certain tables in sap

Please clarify my doubt

Regards

Sanjeev.S

Re: Regarding tables

former_member196299 — Tue, 10 Apr 2007 10:55:59 GMT

All the Tables can be accessed if the user is under that client .There is no such restriction possible according to my knowledge .

Thanks

Ranjita

Re: Regarding tables

Former Member — Tue, 10 Apr 2007 10:57:05 GMT

Yes you can restrict the auths for users on tables, all that we have to do is create a authorization field on the table you wish to have restrictions.

the table names are available in DD03L and create an auth field for that entry and assign that auth object to the user.

Re: Regarding tables

Former Member — Tue, 10 Apr 2007 10:58:25 GMT

We use the DISPLAY AND MAINTAINANCE attribute for this ...

while u r creating the table .. u will get the tab DISPLAY AND MAINTAINANCE.. beside FIELDS tab.. here u can set..

If it is not allowed , users cannot see our data..

If allowed with Restriction , users can see our data, but cannot modify..

If allowed then users can enter reocrds and can delete also..

regards,

sai ramesh

Re: Regarding tables

Former Member — Tue, 10 Apr 2007 10:58:48 GMT

hi,

from SAP HELP file:

You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.

You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm

User/Security tables

DEVACCESS Table of development users including dev access key

USR04 User master authorization (one row per user)

UST04 User profiles (multiple rows per user)

USR10 Authorisation profiles (i.e. &_SAP_ALL)

UST10C Composit profiles (i.e. profile has sub profile)

USR11 Text for authorisation profiles

USR12 Authorisation values

USR13 Short text for authorisation

OBJT Authorisation objetc table

regards,

madhu

Re: Regarding tables

Former Member — Tue, 10 Apr 2007 11:11:44 GMT

Hi Sanjeev,

Check this info.

To Assign Authorization Group

The Authorization group can be created as follows

Transaction SE54 ~~>Select 'Authorization Groups'~~>Create/Change-->New Entries.

Now the authorization group created can be assigned to your table.

When you doesn't want the every user to access the Object developed you have to restrict the user , so you create an authorization object for an orgn unit and provide values like Create/change /display(01,02,03 for ACTVT field).

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

Hope this resolves your query.

Reward all the helpful answers.

Regards