Former Member

Recommendation: Lock transaction SE16 by changing the system settings.

Below is SAP Early Watch Recommendation.

Access on RFBLG - Cluster for Accounting Document

Program Data: Select * from BSEG - SAP Table

SQL Statement from data browser

This statement comes from transaction SE16 (data browser). It is not recommended that you allow users to access this transaction in the production environment.

Recommendation: Lock transaction SE16 by changing the system settings.

My questions:

1. How can we restrict without locking SE16 in PROD?

2. What system changes can we do?

3. How is the table linked to the cluster?

4. Can we lock the table or cluster?

5. Is anything linked to the authorization group?

6. I don't have authorization in PROD and tried to get the table from SE11 and SE16. It's showing "Authorization Missing - S_TABU_DIS with Activity 03 & SS".

Please let me know

Thanks,

Vijay


3 Answers

  • Posted on Feb 22, 2008 at 05:21 AM

    Yes, it is true, do not give access to SE16 to end users in the production system. This will be objected to by auditors also.

    1. How can we restrict without locking SE16 in PROD?

    A. Remove authorization for SE16 from the roles of users.

    2. What system changes can we do?

    A. Change it through authorization control.

    3. How is the table linked to the cluster?

    4. Can we lock the table or cluster?

    A. Cluster is the internal functional/transactional concept in this scenario.

    5. Is anything linked to the authorization group?

    A. No.

    6. I don't have authorization in PROD and tried to get the table from SE11 and SE16. It's showing "Authorization Missing - S_TABU_DIS with Activity 03 & SS".

    A. If you are a system admin, up to an extent (display) you can the authorization.

    Thanks,

    - gaurav


  • Former Member
    Posted on Feb 22, 2008 at 06:27 AM

    Simply make sure that in NONE of the roles the S_TCODE SE16 is given, or a range that would allow for SE16.

    Locking is not best practice for this TRX.


  • Former Member
    Posted on Feb 22, 2008 at 06:45 AM

    Hi Vijay,

    I also would like to share some info...

    We too received an EWA last month. As mentioned earlier, please block SE16 in PROD. Even in some cases, if you want to give SE16 to any user, then restrict it in the authorization group (S_TABU_DIS). Please do not give * access in the authorization group (the same was pointed out in our EWA and we removed *). Provide table access on a need basis only.

    Rgds,

    Gadde.
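
The two checks recommended in the answers above (no role granting S_TCODE for SE16 directly, through a range or through a wildcard, and no `*` in the S_TABU_DIS authorization group), as an added example that is not part of the original thread. It assumes role authorization values exported as CSV with the AGR_1251 columns AGR_NAME, OBJECT, FIELD, LOW, HIGH; the role names, the group ZGRP and the function names `covers` and `audit` are constructed for illustration, and range matching is simplified to plain string comparison.

```python
import csv
import io

# Constructed sample rows (assumed export layout: AGR_1251 columns).
SAMPLE = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
Z_FI_CLERK,S_TCODE,TCD,FB03,
Z_FI_CLERK,S_TCODE,TCD,SE16,
Z_BASIS_DISP,S_TCODE,TCD,SE11,SE38
Z_POWER_USER,S_TCODE,TCD,S*,
Z_POWER_USER,S_TABU_DIS,DICBERCLS,*,
Z_POWER_USER,S_TABU_DIS,ACTVT,03,
Z_REPORTING,S_TCODE,TCD,SM30,
Z_REPORTING,S_TABU_DIS,DICBERCLS,ZGRP,
Z_REPORTING,S_TABU_DIS,ACTVT,03,
"""


def covers(low, high, value):
    """True if a single value, trailing-* pattern or LOW-HIGH range includes value."""
    low, high = low.strip().upper(), high.strip().upper()
    if not high:
        if low.endswith("*"):
            return value.startswith(low[:-1])
        return low == value
    # Range: a trailing * sorts lowest on the LOW side, highest on the HIGH side.
    lo = low.rstrip("*")
    hi = high[:-1] + "\uffff" if high.endswith("*") else high
    return lo <= value <= hi


def audit(export_text, tcode="SE16"):
    """Return (role, object, granted value) for every entry that needs review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        obj, field = row["OBJECT"], row["FIELD"]
        low, high = row["LOW"], row["HIGH"] or ""
        shown = f"{low}-{high}" if high else low
        if obj == "S_TCODE" and field == "TCD" and covers(low, high, tcode):
            findings.append((row["AGR_NAME"], obj, shown))
        elif obj == "S_TABU_DIS" and field == "DICBERCLS" and low.strip() == "*":
            findings.append((row["AGR_NAME"], obj, shown))
    return findings


if __name__ == "__main__":
    for role, obj, value in audit(SAMPLE):
        print(f"{role}: {obj} grants {value}")
```

Roles that reach SE16 only through a range or a wildcard are the ones a search for the literal value "SE16" misses, which is why the range and pattern cases are matched separately.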
