Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Need to exclude access to sometables in a role

sadevern
Explorer
0 Kudos
959

Hi

I've requirement to keep in a role the transaction SE16 transaction but need to exclude BUT0BK/BUT0ID/Z3IN018T/Z3IN019T Tables.

Someone can help

6 REPLIES 6

Janek_Niefeldt
Explorer
794

Look into authorization object S_TABU_NAM and S_TABU_DIS.

You can explicitly grant access to individual tables via S_TABU_NAM, while S_TABU_DIS grants access based on the table group (should your table be part of sich a group (you can verify in tables TDDAT).

Excluding individual tables can be tedious as you might have to use ranges that do not include the critical tables.

sadevern
Explorer
0 Kudos
794

HI,

Thank you for your answer. Yes its very complicated because we have a lot of table. Do you know (or someone else) another way to exclude just 4 tables)?

Thank you

jmodaal
Active Contributor
0 Kudos
794

Hello,

by using the ranges in the authorizations you can achieve excluding single tables.

S_TABU_NAM with ACTVT 03 (or whatever you need) and ranges for TABLE:

/ - BUT0BJ
BUT0BL - BUT0IC BUT0IE - Z3IN018S Z3IN018U - Z3IN019S Z3IN019U - Z9999999

And of course with S_TABU_DIS - in case authorizations for S_TABU_DIS are given for the targeted users - the same is to be done (using the authorization groups of the tables to be excluded).

Kind regards

Jan

sadevern
Explorer
0 Kudos
794

Thank you I will try this. I know its very difficult. The more simple is to exclude the SE16 transaction but we cant ...

I will take all the idea.

Thanks again!

r_werner
Explorer
794

Hi Sara,

you can create a custom authorization group for object S_TABU_DIS in STBRG (e.g. ZSEC) and assign this group to the relevant tables that you want to protect in STDDAT.

Then you can define a range of authorization groups in S_TABU_DIS which excludes this authorization group ZSEC.

Refer also to the SAP notes 1855406 and 2356982

Kind regards,

Ralph

sadevern
Explorer
0 Kudos
794

Hi Ralph

I will try that tomorrow because I have exclude too much table with the first solution.

I will have to create an autorization group and define a range of authorization.

Thanks a lot.