cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization for data

0 Kudos

Hey,

I would like to know of the options that SAP provides for managing authorizations ....

In our organization we manage data with tables, objects, etc. In some tables we have records that are only relevant for certain user groups. I need a way to display the relevant data for each group.

We use “select” to get the data from the tables. Is there any way to manage the authorizations so that I won’t have to make big changes to the code.

Accepted Solutions (0)

Answers (4)

Answers (4)

0 Kudos

Please,

Any help?

0 Kudos

Hey,

Thanks for your answer. I will try to explain a little bit better my problem.

Our data is on several custom tables. Until few days ago we had only one type of users, which they could edit/add/remove data from tables.

And also, we use “select” - (abap) to take the data from the tables.

But now we got more groups of users which can not share data among the groups. And we need to add the data to same table our first group is using.

Is there any solution to this problem?

Hope you can help me

Colleen
Advisor
Advisor
0 Kudos

Hi David

If your code doesn't contain any authorisation checks then there isn't much that can be done

Is this a custom built program? Is it on ABAP or a specific component as this determines which security models are available (i.e. you mentioned ACE which looks to be CRM specific)?

If it's data and custom tables, how is the data being accessed? If custom code, did you have a functional module, method or something you consistently call each time to access the data so you can add authority checks in? If the restriction is based on user groups in SU01 the you could create a custom authority object and define the field you need, including user group field for the data, etc.

It's a bit difficult for anyone to provide suggestions. However, to me it seems that security was never designed up front and it could be an expensive activity finding each and every scenario to add a check in as opposed to designing it with security requirements up front.

If the data isn't a lot to manage and it's SM30 type access then you could look at S_TABU_LIN authorisation and configure the scenarios. If it's high volume then it could be a negative performance issue in using that object.

TammyPowlas
Active Contributor
0 Kudos

Hi David - I recommend reading Otto Gold's blog on authorization checks: https://blogs.sap.com/2013/11/02/how-to-put-proper-authority-checks-to-your-custom-programs/

0 Kudos

Hey,

Thanks for your answer. However, I am looking for a way to manage the authorization without changing the code (or adding the check in each and every time I use the sensitive data - if i don’t find another way I will do it).

In my research, i have found “ACE” but I don’t think that it solves my problem - relvent records per group of users in the same table.

Are you familiar with something else that SAP provides which can help me?