Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

authorization group cannot add

Former Member

‎01-29-2008 11:44 AM

0 Kudos

Hi

I want to define the additional authorization group on the following tables.

v_tvm1

v_tvm2

v_tvm3

v_tvm4

v_tvm5

I have generated the access key for the v_tvm1 to check the scenario, the existing authorization object of the following tables are "VA" SD: Appl. table.

I have overwriten the authorization object and generate the new request which solved our problem but the existing authorization group might be pre-requisites for the SD Application and may arise inconsistences in the future.

I don't want to the users should authroized with the default authorization group "VA", otherwise, the users get unauthorized access of the tables whose authorization group are "VA"

I want to assign the new authorization group on the following table and restrict them by the new authorization group.So that, users will restricted by those tables have authorization group are "ZMMT"

When i add the new authorization group in the table maintenance by the se11, the process has been ended with the below popup

Choose the key from the allowed namespace

Message no. SV019

Diagnosis

You have attempted to create an entry and have used a key which is not

in your namespace.

This can cause problems in later upgrades because the entry could be

overwritten by an import, or overwrite an existing entry.

Procedure

Check your entry and try to enter a key value from your namespace.

You can display the namespace definition with RDDKOR54.

Please advise us. or do you recommending me to overwrite the existing authorization group on the following tables. ?

REgares

Anwer Waseem

SAP BASIS

4 REPLIES 4

Former Member

‎01-29-2008 11:57 AM

0 Kudos

Hi Anwer

Why do you need to change the auth group on them?

Just get the users to access them via the tx linked to those views (check out Julius' post on the following thread https://forums.sdn.sap.com/click.jspa?searchID=8407692&messageID=4723045 ) and keep the standard VA auth group. Users shold not be able to access them in prod in any other way, especially not via SM30 etc.

Former Member
In response to Former Member

‎01-29-2008 12:44 PM

0 Kudos

Hi

You are absolutely right, this role will assign to super users who is authorized on the sm30 with the few customized tables and restricted by the authorization group, so that, super users is restricted not to play with the other tables, but with this additional role assigning to him, he will authroized on the SD tables whose authorization group are "VA"

Please advise us.

Regards

Anwer Waseem

SAP BASIS

Former Member
In response to Former Member

‎01-29-2008 12:53 PM

0 Kudos

Hi Anwer,

As per my previous post

1. Assign the transactions (look in the link that I provided) to the users

2. Do not give the users access to SM30 in production. They do not need it. Find or create alternative transactions for the other tables they need to alter.

There is very, very rarely need to give any users access to SM30 in production.

Former Member

‎01-29-2008 12:59 PM

0 Kudos

Thanks for the reply.

Yeah! the super don't 've sm30 access in the PRD server.

However, I will try to manage with the t-code instead of sm30.

REgardssss

Anwer Waseem