Scribd Logo
Importer

Bienvenue sur Scribd !

  • Table Level Restriction

    Transféré par

    Shiva Kumar
    44 vues7 pages
    This document discusses table level access restrictions in SAP. It explains that standard SAP tables and customized tables contain all SAP data. The S_TABU_DIS authorization object and its two fields, ACTVT and DICBERCLS, are used to restrict access at the table level by assigning specific tables to authorization groups, which are then assigned to user roles. The steps provided show how to create an authorization group in SE54, map tables to the group, and add the group to roles to control user access to individual tables.

    Description originale:

    SAP SECURITY

    Copyright

    © © All Rights Reserved

    Formats disponibles

    DOCX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    This document discusses table level access restrictions in SAP. It explains that standard SAP tables and customized tables contain all SAP data. The S_TABU_DIS authorization object and its two fields, ACTVT and DICBERCLS, are used to restrict access at the table level by assigning specific tables to authorization groups, which are then assigned to user roles. The steps provided show how to create an authorization group in SE54, map tables to the group, and add the group to roles to control user access to individual tables.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    44 vues7 pages

    Table Level Restriction

    Transféré par

    Shiva Kumar
    This document discusses table level access restrictions in SAP. It explains that standard SAP tables and customized tables contain all SAP data. The S_TABU_DIS authorization object and its two fields, ACTVT and DICBERCLS, are used to restrict access at the table level by assigning specific tables to authorization groups, which are then assigned to user roles. The steps provided show how to create an authorization group in SE54, map tables to the group, and add the group to roles to control user access to individual tables.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 7

    Table level restriction

    I am posting this topic in question and answers method,


    hope you like it. These que & ans are inter linked with
    another, read orderly to avoid confusion

    S_TABU_DIS AUTH OBJECT AND ITS FIELDS
    What is se16/sm30...
    It is a data browser .User can access tables by using these
    T codes.

    What does table contain?
    All the sap data stored in the form of tables. some of the
    tables have sensitive information which cannot accessed
    by every employee like vendor details, Profit & Loss
    reports, Salary details etc.,

    Table are two types

    1)Standard:These tables comes with sap installation
    2)Customized:These tables are created manually based on
    requirement

    What happen if user has access to se16/sm30...
    If user has se16/sm30 access, user can access to tables
    whether it standard or customized tables...It leads to
    excessive access.

    If we remove se16/sm30 access?
    It is a bad idea to remove t code from user why because
    users need some information as per their business process
    .if we removes user cant access to those data


    Then what has security admin to do....
    Security admin find out which tables are require for user,
    create a authorization group and map these tables to user.
    Assign this authorization group to user via S_TABU_DIS.

    What is S_TABU_DIS
    It is a authorization object of se16/sm30 used for table
    level restriction. It has two fields
    One is (ACTVT) field contains permitted operations, we
    have to give tick mark
    Secondly DICBERCLS in this field we give authorization
    group name.
    Once a user has access a particular table authorization
    group, the user can access all tables linked to the
    authorization group..

    How to create authorization group....
    In Se54 we create authorization group.Authorization
    group it self is empty.we map the tables to it. the default
    authorization group is SC.

    1)Hit SE54
    2)Choose AUTHORIZATION GROUP
    3) click on CREATE/CHANGE button.

    4) Click on NEW ENTRIES


    Enter Authorization group name in AUGR filed,max limit
    is 4 characters and Enter description

    Click on CREATE REQUEST or OWN REQUEST(here am
    showing" create request")


    Here SHORT DESCRIPTION is mandatory. maintain
    meaning full description to identify easily.
    usually every company has their own naming convention.


    How to map the tables to authorization group and to add
    authorization group to roles...
    1)Choose ASSIGN AUTHORIZATION GROUP
    2)Click on CREATE/CHANGE

    3)Choose TABLE NAME and AUTHORIZATION GROUP


    Enter table names what ever you want give access to user
    in FROM and TO and also
    Hit authorization group name


    Add Auth Group to Role :

    Open PFCG and enter role.
    5. Add T code SE16 in menu tab.


    Go to Authorization tab ->change authorization data
    6.Now Add authorization group name that you have
    created in SE54 in AUTHORIZATION GROUP Field of
    S_TABU_DIS.

    Vous aimerez peut-être aussi