Skip to Content
avatar image
Former Member

SE16 Display Access only

I just want to give out SE16 display access for the all the tables

so that user can not mannually enter values in it?

We are on NW2004s SR2. I have went in SU24 and assigned

S TABU DIS 03 I also checked the value for A oject in Roles

for all the Auth. Groups to 03.

Anything else I need to do ?

What vaule should I assign to S TABU CLI ?

From,

PT.

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 03, 2008 at 10:19 AM

    I belive there is a sap note for it which tells to do a program change and create a custom t code which removes change access to se16.

    We have implemented this for our system and it works fine. Need to find that sap note though.

    Thanks,

    Yogesh

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 17, 2007 at 05:06 PM

    Ensuring that S_TABU_DIS ACTVT=03 is all you need to do.

    You can leave S_TABU_CLI blank as users shouldn't need it if only displaying table data.

    Users should not have access to DEBUG mode via S_DEVELOP as this will let them bypass this (and pretty much any other security that you have put in)

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 18, 2007 at 05:07 AM

    You try all the things suggested above or you can simply give access to transaction SE17 - General Table Display.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Another (perhaps better) option is SE16N? It has many more usefull features (the clipboard, graphics, etc - see the toolbar!) and if the user has the correct authorizations then it should be okay (if you have implemented some oldish SAP notes...).

      I also browse SAP tables and it is very usefull - but I am always weary of the fact that I might be making assumptions about how the system works based on tables only... where the system itself (the programs) might use these tables and fields in a different way than what I am assuming, or what the field names appear to indicate on their own, or the programs might change...

      Even if you can display tables; be carefull of them! The chances of making mistakes are fairly good.

      Cheers,

      Julius

  • Oct 18, 2007 at 09:25 AM

    Hi Pranav,

    usually NOONE should have access to all tables. As SE16 allows client independent table display, data protection is at stake here. People will also be allowed to see security relevant tables (authorizations etc.) which may lead to serious problems.

    SE16 is usually a poor excuse for incomplete functional access. If people really do need to look at the tables directly (are there no transactions or reports that provide the infomation?), you're much better off creating table views especially for these cases.

    The auditors will not like SE16 in production...

    Frank.

    Add comment
    10|10000 characters needed characters exceeded