2023 Nov 06 5:39 PM
Hi,
One of our project is being developed on BTP ABAP Environment. We are creating some applications there and publish into BTP Build Work Zone. For this project, we need to establish a connection between BTP ABAP Environment user email id and system generated user id. We expect this connection is stored in USR02 table.
However, when I try to access this table, I get unauthorized access message (missing access for S_TABU_NAM). I tried to create an IAM App which I would use in a role, but when I am adding S_TABU_NAM in the app, I get below error message. In this IAM app, I am adding object S_TABU_NAM, with TABLE = 'USR02'.
Error: "Field value USR02 for Auth Object S_TABU_NAM is not released"
Can anyone please suggest how can we get access for USR02 table and what this error indicates?
Thanks
Nitesh Gupta
2023 Nov 06 6:05 PM
Hi Nitesh
You could also try authorisation object S_TABU_DIS
You will need to find out what the DICBERCLS value is for USR02 in advance first so you can assign the correct value in the Role.
Hope that helps
Mark
2023 Nov 07 6:22 AM
Hi Mark,
S_TABU_DIS is not available in Eclipse. I can only see S_TABU_NAM.
Thanks
2023 Nov 07 9:07 AM
Hi Nitesh,
This is not how it works in BTP. You'll have to use a released API such as the CDS View I_IAMBUSINESSUSERLOGONDETAILS if this contains the information you're looking for. Anything else should be reported as a security bug to SAP.
Thanks to Lars, you have a nice index of the released API's available here https://abapedia.org/steampunk-2305-api/
The official API documentation from SAP is available here https://api.sap.com.
I think, I'm going to provide a training about security considerations for BTP ABAP soon at https://academy.no-monkey.com/
Best Regards
Marco