08-04-2011 9:51 PM
Hi all,
I have to following two questions.
1. Can someone tell me the general difference between SE16 and SE17? I have tried researching online and I see that SE17 is display only, but a user can't make changes to data. Is this correct?
2. We have some users with SE17, S_TABU_DIS, value of 01/02 with assigned auth. groups. In this scenario, can a user make changes to data in tables assigned to auth. groups or would it just be display only access?
Thanks,
Dave
08-04-2011 9:58 PM
It depends on the authorizations of the user, the delivery classes of the tables, the system settings for changes and the current settings flags.
I suggest that you research it and then tell us what you have found.
Anyway, Se17 as an application is rather limited. Most developers use Se11 sooner or later.
Cheers,
Julius
08-22-2012 3:12 PM
Hello Julius,
I'd like to check some things here:
It depends on the authorizations of the user, the delivery classes of the tables, the system settings for changes and the current settings flags.
Authorizations of the user:
- S_TABU_DIS / S_TABU_CLI /S_TABU_NAM and S_DEVELOP (ACTVT 02)
Client settings (SCC4):
- SAP Note 109083
Table properties (SE11)
- Display/maintenance allowed:
"Transaction SE16 allows the maintenance and display functions for this Dictionary object.
Note: If an SM30 maintenance dialog exists for this Dictionary object,
it is called."
My question is, if a user has authorization to SE16 with S_TABU_DIS/S_TABU_NAM actvt 02 but:
- the client is set to no modifiable
- the user has no authorization S_DEVELOP ACTVT 02.
Does the user still have access to change data in SE16??
SAP Note 210101 is not fully clear:
"Tables that have the 'Table maintenance allowed' attribute in the DDIC and
which are part of a maintenance view, can also be maintained with
transaction SE16. This correction eliminates the error.In general, tables
can no longer be maintained with transaction SE16."
What does "in general" mean?
Cheers,
Diego.
08-05-2011 12:35 AM
What I found is mixed. I find some people say SE17 is similar to SE16 in that users can maintain/update tables, while others have stated it is not vulnerable as SE16, hence the question.
I am trying to understand if SE17 should be treated similar to SE16 as far as security restrictions or is SE17 just a display only transaction even if a user has S_TABU_DIS with value of 01/02?
Thanks,
Dave
Edited by: toosunneo on Aug 5, 2011 1:35 AM
08-05-2011 6:16 AM
There is no actvt 01 for s_tabu_dis.
If the user has the correct authorizations, then Se16 is fine. Se17 as well.
Cheers,
Julius
08-05-2011 12:52 PM
It is important, as Julius says, to understand the logic of table maintenance.
However, there is a difference between SE16 and SE17.
If the user has table maintence authorization (S_TABU_DIS, ACTVT 02) transaction SE16 will able you to create entries in tables within the authorized authorization group(s)
Transaction SE17 will NEVER expose table maintenance authorization. The transaction is display only itself.
Kind regards,
Lodewijk Borsboom