Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Restict the the Display Access for the Master Data

Former Member
0 Kudos
439

Friends

I am trying to restrict the Display Access for the HR Master Data in RSA1.

I am using S_RS_IOMAD Auth Obect and removed all the HR info catalog.

However, when I go to RSA1 ->> DSI Master Data -> HR Master Data ->>> and right click on any of the HR info objects

and select mantain Master Data ->>> I get below Message.

" You have access to display Master data only"

If click, continue or enter, it does display HR master data even though HR info catalog is removed from S_RS_IOMAD Auth Object.

The Role only has

S_RS_ICUBE for Update Rules and Definition Display Only.

S_RS_IOBJ for Update Rule and Definition without HR Info obj Catalog.

S_RS_IOMAD with only FI info area in it.

Am I missing anything here? How can I restrict the Display of Master Data ?

From

Pranav

1 ACCEPTED SOLUTION

Former Member
0 Kudos
133

Hi Pranav,

Put a trace on the user ID and check out which object is actually giving the diaplay authorization of master data table. By restricting that object you might be able to restrict the display access as well.

12 REPLIES 12

Former Member
0 Kudos
134

Hi Pranav,

Put a trace on the user ID and check out which object is actually giving the diaplay authorization of master data table. By restricting that object you might be able to restrict the display access as well.

0 Kudos
133

Hi,

I checked in the Trace also, but did not get any information from it.

From

Pranav

0 Kudos
133

Hi Pranav,

Just check , wheather you are maintaing direct assignment of authorization to users not involving role and users are getting the data from there.

0 Kudos
133

Hi,

As you wanted to restrict display access to HR master data only, I sugegst you to provide only minimum access.

for example S_TCODE- RSA1 and S_RS_IOMAD. Do not give any other BW auth. object access. Then see if you are able to restrict HR master data.

please let me know result of this scenario.

Best Regards

Imran

0 Kudos
133

Hi Pranav,

In trace did you get any object with field ACTVT as 03?? Have you tried restricting it?

If all this does not help then discuss the same with the developer and check if you can restrict the desired table by auth groups.If this works then you can restrict the table "display" , "delete", "Maintain" etc by putting these auth groups in S_TABU_DIS .

0 Kudos
133

Yes, I tried with deactivating all other objects only keeping the only S_RS_IOMAD active and still getting the same error message.

Before I speak to Developer, how can I find the Auth Group of these tables for the Info objects in HR master data node?

Please let me know.

Thanks,

Pranav

0 Kudos
133

Hi Pranav,

To check the authorization group for table check the Table TDDAT in SE16. It contains the entry of table assigned to authorization group. This relationship is maintained in SE54 transaction...

0 Kudos
133

I know that part.

However, How do I know the table name for specific Info object?

Please advise.

Thanks,

From,

Pranav

0 Kudos
133

I tried all the /BI0/* Tables and they are not showing up in the TDDAT.

Example /BI0/TGENDER for the Gender.

/BI0/OIEMPLSTATUS for the employee status.

Some of the info objects does not have any table mentioned in the Object overview -> Tab MaterData text.

Thanks,

From

Pranav

0 Kudos
133

To all Friends

The issue was with the Info objects in too many catalogs.

Nothing was wrong with Security.

From

Pranav

0 Kudos
133

Pranav,

Have u checked the report again after securing the infoobject correctly. Is it working fine.

Former Member
0 Kudos
133

The issue with the problem was found.