04-10-2007 11:49 AM
Can any one explain me how to give authorizations for table.
Is it possible to give proper authorizations so that only certains users can access
my table.
How can we restrict users to acess certain tables in sap
Please clarify my doubt
Regards
Sanjeev.S
04-10-2007 11:55 AM
All the Tables can be accessed if the user is under that client .There is no such restriction possible according to my knowledge .
Thanks
Ranjita
04-10-2007 11:57 AM
Yes you can restrict the auths for users on tables, all that we have to do is create a authorization field on the table you wish to have restrictions.
the table names are available in DD03L and create an auth field for that entry and assign that auth object to the user.
04-10-2007 11:58 AM
We use the DISPLAY AND MAINTAINANCE attribute for this ...
while u r creating the table .. u will get the tab DISPLAY AND MAINTAINANCE.. beside FIELDS tab.. here u can set..
<b>If it is not allowed </b>, users cannot see our data..
<b>If allowed with Restriction</b> , users can see our data, but cannot modify..
<b>If allowed</b> then users can enter reocrds and can delete also..
regards,
sai ramesh
04-10-2007 11:58 AM
hi,
from SAP HELP file:
You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
User/Security tables
DEVACCESS Table of development users including dev access key
USR04 User master authorization (one row per user)
UST04 User profiles (multiple rows per user)
USR10 Authorisation profiles (i.e. &_SAP_ALL)
UST10C Composit profiles (i.e. profile has sub profile)
USR11 Text for authorisation profiles
USR12 Authorisation values
USR13 Short text for authorisation
OBJT Authorisation objetc table
regards,
madhu
04-10-2007 12:11 PM
Hi Sanjeev,
Check this info.
To Assign Authorization Group
The Authorization group can be created as follows
Transaction SE54 >Select 'Authorization Groups'>Create/Change-->New Entries.
Now the authorization group created can be assigned to your table.
When you doesn't want the every user to access the Object developed you have to restrict the user , so you create an authorization object for an orgn unit and provide values like Create/change /display(01,02,03 for ACTVT field).
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
...
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
Hope this resolves your query.
Reward all the helpful answers.
Regards