
Limiting Authorization Check to 1 Table

Former Member
0 Kudos
289

Hi,

I have to limit access to the table LFA1 (Vendor Master) and at the same time allow access to tables LFB1, LFM1 etc. Earlier the person working on this suggested we remove the Authorization Group "FA" from the role. This led to a problem, as users were not able to access any of the tables having the authorization group "FA", which included LFB1, LFM1 etc. So this strategy failed.

Another thing which we looked at was removing Authorization object "FA" from LFA1, but that can lead to other unknown problems.

Now we are looking for some other alternative(s).. Any suggestions would be highly appreciated.

Edited by: Varun Vijh on Mar 26, 2008 4:07 PM

5 REPLIES 5

Former Member
0 Kudos
99

Hi,

Ask your BASIS person to do that work.

They only deal with authorizations.

Regards,

V.Balaji

Reward if useful

0 Kudos
99

Let me put it this way: we want to try if something is possible programmatically. Say, getting into the program which is called by SE16 and then playing around with that to meet this requirement? Or any other suggestions?

matt
Active Contributor
0 Kudos
99

Can you clarify - you want some users to be able to access LFB1 through SE16, but not LFA1, for example?

You do (your client does) know that allowing user access to underlying tables is a bad idea? They can easily create a query that is unoptimised and bring your system to a halt. SAP recommend strongly that you do not allow such access.

If users really need access to tables directly, then I'd use ABAP Query, or a (very quickly and easily built) custom transaction. Then you can control it how you like.

(In response to the initial reply - perhaps it's basis who do this on your site; it isn't necessarily true for all sites.)

matt
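
The custom-transaction approach suggested in the reply above, sketched as an added example (not code from any poster in this thread or from SAP): a read-only report over LFB1 that does its own authorization check, so SE16 access to the "FA" tables is not needed. The report name `ZVENDOR_CC_DISPLAY` is hypothetical, and using the standard object F_LFA1_BUK (display activity 03 per company code) as the check is an assumption; a site may prefer its own object.

```abap
REPORT zvendor_cc_display.
* Added example (hypothetical report name); not SAP-delivered code.
* Read-only list of LFB1 that replaces SE16 access for this one table.
TABLES lfb1.

SELECT-OPTIONS: s_lifnr FOR lfb1-lifnr,
                s_bukrs FOR lfb1-bukrs OBLIGATORY.
PARAMETERS p_max TYPE i DEFAULT 500.

DATA: gt_bukrs TYPE STANDARD TABLE OF t001-bukrs,
      gv_bukrs TYPE t001-bukrs,
      gr_auth  TYPE RANGE OF lfb1-bukrs,
      gs_auth  LIKE LINE OF gr_auth,
      gt_lfb1  TYPE STANDARD TABLE OF lfb1,
      go_alv   TYPE REF TO cl_salv_table.

START-OF-SELECTION.
  " UP TO 0 ROWS means "no limit" and a negative value dumps, so force a cap.
  IF p_max < 1.
    p_max = 500.
  ENDIF.

  " Resolve the selection to real company codes, then check each one.
  SELECT bukrs FROM t001 INTO TABLE gt_bukrs WHERE bukrs IN s_bukrs.
  LOOP AT gt_bukrs INTO gv_bukrs.
    AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'      " assumption: standard vendor object
      ID 'BUKRS' FIELD gv_bukrs
      ID 'ACTVT' FIELD '03'.                 " 03 = display
    IF sy-subrc = 0.
      gs_auth-sign   = 'I'.
      gs_auth-option = 'EQ'.
      gs_auth-low    = gv_bukrs.
      APPEND gs_auth TO gr_auth.
    ENDIF.
  ENDLOOP.

  " An empty range in WHERE ... IN matches every row, so stop before the SELECT.
  IF gr_auth IS INITIAL.
    MESSAGE 'No display authorization for the selected company codes'
      TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  " Bounded, read-only fetch restricted to the authorized company codes.
  SELECT * FROM lfb1 INTO TABLE gt_lfb1 UP TO p_max ROWS
    WHERE lifnr IN s_lifnr AND bukrs IN gr_auth.

  TRY.
      cl_salv_table=>factory( IMPORTING r_salv_table = go_alv
                              CHANGING  t_table      = gt_lfb1 ).
      go_alv->display( ).
    CATCH cx_salv_msg.
      MESSAGE 'ALV display failed' TYPE 'S' DISPLAY LIKE 'E'.
  ENDTRY.
```

The mandatory company-code selection and the row cap address the unoptimised-query concern raised in the same reply; the report would still need its own transaction code assigned to the role.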

0 Kudos
99

Yes your understanding is correct.

I know that direct access to underlying tables is a bad idea...But that is a norm at my client and changing that would be time consuming... Though I have initiated that...

What is your idea behind attaching a custom transaction?

I need to provide users with SE16 view access to LFB1 but not LFA1..

Oliver_Baer
Explorer
0 Kudos
99

Hi,

You can change the Authorization Group "FA" in table "LFA1" to something different (e.g. "ZFA").