The big problem with transaction SE16 is that it can only be restricted with the authorization object S_TABU_DIS.
But this object is also used in other transactions, and users need this object.
If you give a user SE16 authorization, they will be able to view all tables allowed by S_TABU_DIS.
This thread shows how you can authorize people to use the SE16 function only for specific tables.
The approach works only for SE16, not for SE16n.
Because the table name can be changed on the selection screen in SE16n, we can't use it.
-
Step 1: Lock transactions SE16 and SE16n for all users.
-
Step 2: Create a parameter transaction (as a bridge)
-> se93 -> create
POPUP:
TA-NAME = ZSE16_BRIDGE / select "Transaction with parameters"
DETAILS:
Transaction (which is called) = SE16
Skip Initial Screen = X
SAPGUI for Windows = X
->SAVE
-
Step 3: Create an authorization object called ZSE16
->su21->create (button)
Field name = TABLE
->SAVE
-
Step 4: Create report ZSE16
se80->create program ZSE16 as executable program
CODING START:
REPORT zse16.
* Selection-screen parameter for the table name
PARAMETERS p_table TYPE databrowse-tablename OBLIGATORY.
* Processing starts when the user presses Enter
AT SELECTION-SCREEN.
**** OPTIONAL
* Use FM 'DB_EXISTS_TABLE' and FM 'DB_EXISTS_VIEW' to check that the table exists.
**** OPTIONAL
* Check the authorization for the requested table
  AUTHORITY-CHECK OBJECT 'ZSE16' ID 'TABLE' FIELD p_table.
* No authorization
  IF sy-subrc IS NOT INITIAL.
    MESSAGE 'No Authority for this table!' TYPE 'E'.
  ENDIF.
* Set the table name as parameter ID
  SET PARAMETER ID 'DTB' FIELD p_table.
* Call the bridge transaction (so the user doesn't need SE16 authority)
  CALL TRANSACTION 'ZSE16_BRIDGE'.
CODING END:
Attention:
Don't use "Call Transaction 'SE16' and skip first screen" instead of "Call Transaction <bridged TA>".
With SE16 and skipping the first screen, the user gets back to the original SE16 by pressing "F3".
So they would be able to access all tables!
-
Step 5: Create an authorization role
- AuthObject: S_TCODE = ZSE16
- AuthObject: ZSE16 = <name of unlocked table>
Enjoy ZSE16