Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

security design

Former Member
0 Kudos
103

Hi Gurus,

how to implement security for tables.i e we have to restrict table access.

Thanks

Regards

1 ACCEPTED SOLUTION

Former Member
0 Kudos
53

Hi

here is the extract from a popular site.. go thru this ..

Critical and custom SAP R/3 tables are restricted.

Execute transaction SUIM

Authorization Object: S_TCODE

Transaction Code: SM31 (enhanced tables maintenance)

Authorization object: S_TABU_DIS

Activity: 02 AND 03

Risk: The risk here is that users who have this access, have the ability to maintain table data directly in the production system. This includes transactional, masterfile, security and configuration data.

Execute transaction SUIM

Authorization Object: S_TCODE

Transaction Code: SM31

Authorization object: S_TABU_DIS

Activity: 02 AND 03

Authorization Object: S_TABU_CLI

Identify if custom transactions have references to authorization objects.

Execute transaction code: SE16

Table name: TSTCA / TSTC

TCODE: Z*

Check table TSTCA and verified that no Z transactions existed. Verified in table TSTC that the majority were secured by Authorization objects. Since all transactions are secured by S_Tcode this control is still effective.

hope this will help you.

with br,

Rajesh .

<i>award suitable points</i>

3 REPLIES 3

Former Member
0 Kudos
54

Hi

here is the extract from a popular site.. go thru this ..

Critical and custom SAP R/3 tables are restricted.

Execute transaction SUIM

Authorization Object: S_TCODE

Transaction Code: SM31 (enhanced tables maintenance)

Authorization object: S_TABU_DIS

Activity: 02 AND 03

Risk: The risk here is that users who have this access, have the ability to maintain table data directly in the production system. This includes transactional, masterfile, security and configuration data.

Execute transaction SUIM

Authorization Object: S_TCODE

Transaction Code: SM31

Authorization object: S_TABU_DIS

Activity: 02 AND 03

Authorization Object: S_TABU_CLI

Identify if custom transactions have references to authorization objects.

Execute transaction code: SE16

Table name: TSTCA / TSTC

TCODE: Z*

Check table TSTCA and verified that no Z transactions existed. Verified in table TSTC that the majority were secured by Authorization objects. Since all transactions are secured by S_Tcode this control is still effective.

hope this will help you.

with br,

Rajesh .

<i>award suitable points</i>

0 Kudos
53

Hi,

Identify the roles (using T-Code SUIM) which has T-code SM31 and object values (02 or 03).

Identify users (SUIM) who all been assinged the above roles.

Either modify the role as per the requirement.

Or

Remove the authorization (Role for that particular user)

Cheers

Soma

Message was edited by:

soma pradeep

Former Member
0 Kudos
53

Hi,

Do in this way. First you should know which object need to protect table. Here is the object need to protect table

S_TABU_DIS

Then create ztransaction as custom transaction or parameter transaction of SE16

Ex: To protect table Mara we we need customized transaction as follows

Go to SE93 and click Create button add this values

ZMara_SE16

Transaction SE16 as taking properties to this customized transaction

Assign the object S_TABU_DIS

Next

Go SE54 and create table authorization Group such as "Demotable"

In Se54 Tcode just click create authorization group it willl go to list of table authozn groups and u will see screen with button "New entry".

So click to New Entry enter your named authn group for table different companies have different naming convention ex. sat

next SAVE it and now you created Authn group

Next you need to assign this group to set of table.

So go to Se16 table enter TDDAT. you will see view of tables and Authn group.

Next click to create button

enter authn group and enter the table one by one

Example: Table "MARA" Authn Group "sat"

Then SAVE it

Assign the t_code to role where user can only access to defined table

So Inthis way you have protected table. Hope you got the right answer.