12-14-2006 2:56 PM
Hi SDN
I am currently implementing Fixed assets and have a problem with the security on one of the key tables.
Table T090L accesable via transaction AO25 is a table that holds production and reserve values which are input by Fiscal period / year , however the table security is not controlled via the 'posting period vaiant' control (OB52).
The problem I have is that AO25 will allow you to change the values in prior years/periods even though those periods are now closed and the figures have been used in their appropriate calculations.
I wish to be able to restrict periods for user change to avoid prior period adjustments in line with OB52.
Any insight greatly appreciated
Regards
Mark
12-14-2006 5:17 PM
Hello,
to maintain table T090L the user needs S_TABU_DIS (ACTVT:02 and DICBERCLS: AC). But this table class is used for 515 other tables. I f you really need to restrict it, you should assign another special table class to T090L. The tool for that is the transaction SE54.
Best wishes for succes,
Dieter.
12-14-2006 5:17 PM
Hello,
to maintain table T090L the user needs S_TABU_DIS (ACTVT:02 and DICBERCLS: AC). But this table class is used for 515 other tables. I f you really need to restrict it, you should assign another special table class to T090L. The tool for that is the transaction SE54.
Best wishes for succes,
Dieter.
12-15-2006 1:18 PM
Hi,
Thanks for the reply..
Yes while this will allow me to control if a user can view and change the table contents using change permission and table groups, it does not allow me to limit what lines related to specific year/periods that the user may change.
This is an all or nothing authorisation...
I wish to limit the ability to change the contents driven by the Year/period keys..
Regards
12-16-2006 2:05 PM
Hi
Yes - if you want to control access on line level S_TABU_DIS is the correct object.
But please notice that this object wil require you to implement note 76329, if your going to use it in SE16 - if access is provided through SM30 (or a parameter transaction based on this t-code), this note won't be relevant.
I have created a small How-to guide for customising S_TABU_LIN - you can find it here if interested
http://www.mortenhjorthnielsen.dk/Security/S_TABU_LIN.htm
Regards
Morten Nielsen
12-18-2006 8:27 AM
What release and support pack elevel are your on?
It might be worth your while to investigate whether it can be done with customizing before you go the s_tabu_lin route.
Cheers,
Julius
12-15-2006 2:00 PM
Okay,
now it will be a little bit more difficult. Please check the documentation for authorization object S_TABU_LIN (via SU21) - that should help .
12-16-2006 7:16 PM
Hi Mark,
I too agree with Morten. S_TABU_LIN will be the right approach for this issue.
Apply it on the fields :
GGJAHR
AFPER
of the table T090L .
After that provide suitable authorizations to the user for s_tabu_lin.
Regards.
Ruchit.
12-19-2006 10:43 AM
Hi Guys
Yes it looks like the authorisation S_TABU_LIN is the very fellow for the job.
Now the but...
I am working on a company using 4.6B, yes its still out there. I have checked and the Auth object 'S_TABU_LIN' is in there, howvere the steps highlighted in the excellent 'how to' by moreton do not apply.
How do I / Is it possible to link the authorisation 'S_TABU_LIN' to T090L in 4.6B.
How do I / is it possible to create additional organisation criteria.
Cheers
Mark
12-19-2006 11:03 AM
Hi Mark
Unfortunately the S_TABU_LIN only is delivered for HR from 4.6C, and system wide for 5.0.
In 4.6B it must have been a part of a support package delivery, and I'm not quite sure that it can be applied on a 4.6B
For this scenario on 4.6B you may need to create your own "maintenance" application/view in order to control the access on key level.
So - now you have got another great (or small) reason to consider an upgrade
Regards
Morten Nielsen
12-19-2006 1:51 PM
Cheers Morten
I figured that 4.6B would be a little limited, as it always is. Thats why there are new versions, however explaing that to clients....
Guess i will stick with the S_TABU_DIS, make sure the users are aware
of their impact on changing the numbers and stick on Table logging to track the changes
to a user when they mess up.
Company won't pay for the additional tech/test time for such a trivial security requirement, i figured if it was an easy security configuration i would propose that.
4.6B hoo humm. However there is an upgrade planned for 2011 though.
Closing Call
Regards
Mark
12-19-2006 1:52 PM
Thanks to all suggestions
as expected SAP 4.6B is a little limited without diving into custom config.
Regards
Mark