Skip to Content
0
Former Member
Feb 18, 2011 at 09:25 AM

Relate authorization object to transaction

101 Views

Hi experts,

I am currently working on authorization on AS ABAP, creating roles containing different SAP standard transactions

Actually I wonder if it is possible to relate an auth. object to a certain transaction. This could be necessary for my authorization concept because there are several SAP standard transactions checking the same auth. object.

As an example take transactions SE16 and SM30. Both check auth. object S_TABU_DIS.

If I now want to create a role which gives a user the permission to edit customizing tables in SM30 but not in SE16 there is no way (until now I do not know one) to define an instance of S_TABU_DIS with read/write permission for SM30 and another instance with only read permission for SE16.

I tried to use two roles putting one transaction into each. When I give the user the "SE16 role" he has no write permission in SE16. But when I give him the "SM 30 role" too he has write permissions in both, SM30 and SE16.

Therefore I guess that the authorization of the SM 30 role "overwrites" the read-only permission of the SE16 role.

Now my question to you: Is there any way to bind an auth. object to a transaction, so that an authorization defined from an auth. object is only valid for a certain transaction?

Thanks in advance for all answers!

Best regards,

Torben