Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Controll of Table T090L in transaction AO25 used in FI-AA

Go to solution
Former Member

‎12-14-2006 2:56 PM

0 Kudos

Hi SDN

I am currently implementing Fixed assets and have a problem with the security on one of the key tables.

Table T090L accesable via transaction AO25 is a table that holds production and reserve values which are input by Fiscal period / year , however the table security is not controlled via the 'posting period vaiant' control (OB52).

The problem I have is that AO25 will allow you to change the values in prior years/periods even though those periods are now closed and the figures have been used in their appropriate calculations.

I wish to be able to restrict periods for user change to avoid prior period adjustments in line with OB52.

Any insight greatly appreciated

Regards

Mark

1 ACCEPTED SOLUTION

Go to solution
dieter_goedel
Advisor
Advisor

‎12-14-2006 5:17 PM

0 Kudos

Hello,

to maintain table T090L the user needs S_TABU_DIS (ACTVT:02 and DICBERCLS: AC). But this table class is used for 515 other tables. I f you really need to restrict it, you should assign another special table class to T090L. The tool for that is the transaction SE54.

Best wishes for succes,

Dieter.

10 REPLIES 10

Go to solution
dieter_goedel
Advisor
Advisor

‎12-14-2006 5:17 PM

0 Kudos

Hello,

to maintain table T090L the user needs S_TABU_DIS (ACTVT:02 and DICBERCLS: AC). But this table class is used for 515 other tables. I f you really need to restrict it, you should assign another special table class to T090L. The tool for that is the transaction SE54.

Best wishes for succes,

Dieter.

Go to solution
Former Member
In response to dieter_goedel

‎12-15-2006 1:18 PM

0 Kudos

Hi,

Thanks for the reply..

Yes while this will allow me to control if a user can view and change the table contents using change permission and table groups, it does not allow me to limit what lines related to specific year/periods that the user may change.

This is an all or nothing authorisation...

I wish to limit the ability to change the contents driven by the Year/period keys..

Regards

Go to solution
morten_nielsen
Active Contributor
In response to dieter_goedel

‎12-16-2006 2:05 PM

0 Kudos

Hi

Yes - if you want to control access on line level S_TABU_DIS is the correct object.

But please notice that this object wil require you to implement note 76329, if your going to use it in SE16 - if access is provided through SM30 (or a parameter transaction based on this t-code), this note won't be relevant.

I have created a small How-to guide for customising S_TABU_LIN - you can find it here if interested

http://www.mortenhjorthnielsen.dk/Security/S_TABU_LIN.htm

Regards

Morten Nielsen

Go to solution
Former Member
In response to dieter_goedel

‎12-18-2006 8:27 AM

0 Kudos

What release and support pack elevel are your on?

It might be worth your while to investigate whether it can be done with customizing before you go the s_tabu_lin route.

Cheers,

Julius

Go to solution
dieter_goedel
Advisor
Advisor

‎12-15-2006 2:00 PM

0 Kudos

Okay,

now it will be a little bit more difficult. Please check the documentation for authorization object S_TABU_LIN (via SU21) - that should help .

Go to solution
Former Member

‎12-16-2006 7:16 PM

0 Kudos

Hi Mark,

I too agree with Morten. S_TABU_LIN will be the right approach for this issue.

Apply it on the fields :

GGJAHR

AFPER

of the table T090L .

After that provide suitable authorizations to the user for s_tabu_lin.

Regards.

Ruchit.

Go to solution
Former Member
In response to Former Member

‎12-19-2006 10:43 AM

0 Kudos

Hi Guys

Yes it looks like the authorisation S_TABU_LIN is the very fellow for the job.

Now the but...

I am working on a company using 4.6B, yes its still out there. I have checked and the Auth object 'S_TABU_LIN' is in there, howvere the steps highlighted in the excellent 'how to' by moreton do not apply.

How do I / Is it possible to link the authorisation 'S_TABU_LIN' to T090L in 4.6B.

How do I / is it possible to create additional organisation criteria.

Cheers

Mark

Go to solution
morten_nielsen
Active Contributor
In response to Former Member

‎12-19-2006 11:03 AM

0 Kudos

Hi Mark

Unfortunately the S_TABU_LIN only is delivered for HR from 4.6C, and system wide for 5.0.

In 4.6B it must have been a part of a support package delivery, and I'm not quite sure that it can be applied on a 4.6B

For this scenario on 4.6B you may need to create your own "maintenance" application/view in order to control the access on key level.

So - now you have got another great (or small) reason to consider an upgrade

Regards

Morten Nielsen

Go to solution
Former Member
In response to Former Member

‎12-19-2006 1:51 PM

0 Kudos

Cheers Morten

I figured that 4.6B would be a little limited, as it always is. Thats why there are new versions, however explaing that to clients....

Guess i will stick with the S_TABU_DIS, make sure the users are aware

of their impact on changing the numbers and stick on Table logging to track the changes

to a user when they mess up.

Company won't pay for the additional tech/test time for such a trivial security requirement, i figured if it was an easy security configuration i would propose that.

4.6B hoo humm. However there is an upgrade planned for 2011 though.

Closing Call

Regards

Mark

Go to solution
Former Member

‎12-19-2006 1:52 PM

0 Kudos

Thanks to all suggestions

as expected SAP 4.6B is a little limited without diving into custom config.

Regards

Mark