-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- Table Level Security
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Table Level Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Aug 06 4:49 PM
- SAP Managed Tags
- Security
I am working with the EH&S system and need to find a way to restrict access to certain data. An example would be restricting the ability to view composition data. (Stored in table ESTVP). Does anyone have any idea how to do this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Aug 06 5:05 PM
- SAP Managed Tags
- Security
I would investigate the possibility of moving that table to its own authorization group and then limiting access to that authorization gruop.
Two things to be concerned about, off the top of my head:
Current access to that table would suddenly stop.
Would SAP have an issue with customers moving delivered tables to custom auth groups.
On the security side, you would have to modify any current roles that need access to this table to include the new auth group if any.
Create a new role or modify existing ones for the users that need to access this table.
J.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Aug 06 5:05 PM
- SAP Managed Tags
- Security
I would investigate the possibility of moving that table to its own authorization group and then limiting access to that authorization gruop.
Two things to be concerned about, off the top of my head:
Current access to that table would suddenly stop.
Would SAP have an issue with customers moving delivered tables to custom auth groups.
On the security side, you would have to modify any current roles that need access to this table to include the new auth group if any.
Create a new role or modify existing ones for the users that need to access this table.
J.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Aug 06 5:19 PM
- SAP Managed Tags
- Security
Hi James,
You can do this with the auth object S_TABU_DIS , with corresponding auth group and actvity.
If the users are directly accessing the table through SM30, SE16 or SE11 .. etc, you can better have an table transaction created for this table (an abaper could help you in creating this) and can restrict the access by assigning to the appropriate roles.
Nanda
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Aug 28 10:09 AM
- SAP Managed Tags
- Security
Dear James,
Table level security is provided mainly by three authorization objects S_TABU_DIS, S_TABU_LIN , S_TABU_CLI .
S_TABU_DIS is used to restrict the acces to a table through the authorization group assigned to that table and the activity give.
S_TABU_LIN ,, If you want to secure more i.e , table for specific company code , you can use S_TABU_LIN where you will specify the Organizational criteria to restrct the access.
S_TABU_CLI can be used to restrict the cross client table access
Thank you
Bluesky