01-29-2008 11:44 AM
Hi
I want to define the additional authorization group on the following tables.
v_tvm1
v_tvm2
v_tvm3
v_tvm4
v_tvm5
I have generated the access key for the v_tvm1 to check the scenario, the existing authorization object of the following tables are "VA" SD: Appl. table.
I have overwriten the authorization object and generate the new request which solved our problem but the existing authorization group might be pre-requisites for the SD Application and may arise inconsistences in the future.
I don't want to the users should authroized with the default authorization group "VA", otherwise, the users get unauthorized access of the tables whose authorization group are "VA"
I want to assign the new authorization group on the following table and restrict them by the new authorization group.So that, users will restricted by those tables have authorization group are "ZMMT"
When i add the new authorization group in the table maintenance by the se11, the process has been ended with the below popup
Choose the key from the allowed namespace
Message no. SV019
Diagnosis
You have attempted to create an entry and have used a key which is not
in your namespace.
This can cause problems in later upgrades because the entry could be
overwritten by an import, or overwrite an existing entry.
Procedure
Check your entry and try to enter a key value from your namespace.
You can display the namespace definition with RDDKOR54.
Please advise us. or do you recommending me to overwrite the existing authorization group on the following tables. ?
REgares
Anwer Waseem
SAP BASIS
01-29-2008 11:57 AM
Hi Anwer
Why do you need to change the auth group on them?
Just get the users to access them via the tx linked to those views (check out Julius' post on the following thread https://forums.sdn.sap.com/click.jspa?searchID=8407692&messageID=4723045 ) and keep the standard VA auth group. Users shold not be able to access them in prod in any other way, especially not via SM30 etc.
01-29-2008 12:44 PM
Hi
You are absolutely right, this role will assign to super users who is authorized on the sm30 with the few customized tables and restricted by the authorization group, so that, super users is restricted not to play with the other tables, but with this additional role assigning to him, he will authroized on the SD tables whose authorization group are "VA"
Please advise us.
Regards
Anwer Waseem
SAP BASIS
01-29-2008 12:53 PM
Hi Anwer,
As per my previous post
1. Assign the transactions (look in the link that I provided) to the users
2. Do not give the users access to SM30 in production. They do not need it. Find or create alternative transactions for the other tables they need to alter.
There is very, very rarely need to give any users access to SM30 in production.
01-29-2008 12:59 PM
Thanks for the reply.
Yeah! the super don't 've sm30 access in the PRD server.
However, I will try to manage with the t-code instead of sm30.
REgardssss
Anwer Waseem