2008 Jun 05 8:54 AM
the table can work at background but user doesn't into se16 transaction.how can I do that case ?
2008 Jun 05 9:27 AM
Don't give the user SE16 or any other table maintenance transaction/function.
To elaborate, access to tables is restricted by S_TABU_DIS. If the code in a particular program invokes an authorisation check when accessing table data then you generally need to satisfy that check with the relevant table auth group. If you also give se16/17 etc then the user will inherit those auths and be able to access tables assigned to the groups you have given previously.
Edited by: Alex Ayers on Jun 5, 2008 10:11 AM
2008 Jun 05 2:07 PM
2008 Jun 05 2:12 PM
could you be a little more precise in what you're asking. somehow Alex is able to make sense of your question, but I'm afraid I'm not...
2008 Jun 05 2:19 PM
What I described is the default behaviour of SAP. If you give anyone access to display or maintain tables via SE16 etc then they will inherit the auths as I described.
If you want users to access table data then the tables should be linked to a transaction and the users given those transactions in their roles.
The alternative is to accept the risk and minimise this by ensuring that users don't have access to all auth groups in S_TABU_DIS
2008 Jun 05 2:26 PM
Hi Dimitri,
My understanding is:
User needs to do stuff which requires table auths.
User also needs to view some tables & has been given SE16
Question is that is there any way to prevent the user from seeing tables belonging to the table auth groups which the user needs access to for their general transactional processing.
2008 Jun 05 2:47 PM
My interpretation is slightly different: User should be able to access / update tables in background, without needing to have tcode SE16. So a report is sought.
2008 Jun 05 2:49 PM
Hi all
solution is: create a parameter transaction , this is the best way to limit the user to a certain table without a backdoor as when you restict on S_TABU_DIS
2008 Jun 05 3:02 PM
>
> Hi all
>
> solution is: create a parameter transaction , this is the best way to limit the user to a certain table without a backdoor as when you restict on S_TABU_DIS
I agree........assuming my interpretation is right & Julius' is wrong
2008 Jun 05 3:34 PM
Hi Gulsah
My assumption is User has access to process the Table in Background using batch jobs, but he cannot access it through SE16 transaction..
Right?
refer to the following link
http://help.sap.com/saphelp_nw70/helpdata/en/cf/21eb6e446011d189700000e8322d00/content.htm
"choose an entry from the dropdown box for the Data Browser/Table View Maintenance field. Choose Table maintenance allowed on this tab page if users with the corresponding authorization may change the data in the table using the Data Browser (Transaction SE16). For more information refer to the available options in Data Browser/Table View Maintenance."
Hope this helps