2023 Jul 31 8:16 PM
Hi
I've requirement to keep in a role the transaction SE16 transaction but need to exclude BUT0BK/BUT0ID/Z3IN018T/Z3IN019T Tables.
Someone can help
2023 Aug 01 1:38 AM
Look into authorization object S_TABU_NAM and S_TABU_DIS.
You can explicitly grant access to individual tables via S_TABU_NAM, while S_TABU_DIS grants access based on the table group (should your table be part of sich a group (you can verify in tables TDDAT).
Excluding individual tables can be tedious as you might have to use ranges that do not include the critical tables.
2023 Aug 01 2:22 PM
HI,
Thank you for your answer. Yes its very complicated because we have a lot of table. Do you know (or someone else) another way to exclude just 4 tables)?
Thank you
2023 Aug 01 2:41 PM
Hello,
by using the ranges in the authorizations you can achieve excluding single tables.
S_TABU_NAM with ACTVT 03 (or whatever you need) and ranges for TABLE:
/ - BUT0BJ
BUT0BL - BUT0IC
BUT0IE - Z3IN018S
Z3IN018U - Z3IN019S
Z3IN019U - Z9999999
And of course with S_TABU_DIS - in case authorizations for S_TABU_DIS are given for the targeted users - the same is to be done (using the authorization groups of the tables to be excluded).
Kind regards
Jan
2023 Aug 01 4:03 PM
Thank you I will try this. I know its very difficult. The more simple is to exclude the SE16 transaction but we cant ...
I will take all the idea.
Thanks again!
2023 Aug 02 12:10 PM
Hi Sara,
you can create a custom authorization group for object S_TABU_DIS in STBRG (e.g. ZSEC) and assign this group to the relevant tables that you want to protect in STDDAT.
Then you can define a range of authorization groups in S_TABU_DIS which excludes this authorization group ZSEC.
Refer also to the SAP notes 1855406 and 2356982
Kind regards,
Ralph
2023 Aug 02 9:49 PM
Hi Ralph
I will try that tomorrow because I have exclude too much table with the first solution.
I will have to create an autorization group and define a range of authorization.
Thanks a lot.