Table Level Restriction

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 7
At a glance
Powered by AI
The key takeaways are that table level restrictions can be implemented using authorization objects and groups to restrict access to specific tables for users based on their roles. Sensitive tables containing information like financials or personal details should have access restrictions.

Table level restrictions are used to restrict access to certain tables for users to prevent excessive or unauthorized access to sensitive data. Standard tables come preconfigured but custom tables may need access configured.

Authorization groups are used to group tables that can be accessed by a user. The tables are mapped to the authorization group which is then assigned to user roles via the authorization object S_TABU_DIS to provide access.

Table level restriction

I am posting this topic in question and answers method,


hope you like it. These que & ans are inter linked with
another, read orderly to avoid confusion

S_TABU_DIS AUTH OBJECT AND ITS FIELDS
What is se16/sm30...
It is a data browser .User can access tables by using these
T codes.

What does table contain?
All the sap data stored in the form of tables. some of the
tables have sensitive information which cannot accessed
by every employee like vendor details, Profit & Loss
reports, Salary details etc.,

Table are two types

1)Standard:These tables comes with sap installation
2)Customized:These tables are created manually based on
requirement

What happen if user has access to se16/sm30...
If user has se16/sm30 access, user can access to tables
whether it standard or customized tables...It leads to
excessive access.

If we remove se16/sm30 access?
It is a bad idea to remove t code from user why because
users need some information as per their business process
.if we removes user cant access to those data


Then what has security admin to do....
Security admin find out which tables are require for user,
create a authorization group and map these tables to user.
Assign this authorization group to user via S_TABU_DIS.

What is S_TABU_DIS
It is a authorization object of se16/sm30 used for table
level restriction. It has two fields
One is (ACTVT) field contains permitted operations, we
have to give tick mark
Secondly DICBERCLS in this field we give authorization
group name.
Once a user has access a particular table authorization
group, the user can access all tables linked to the
authorization group..

How to create authorization group....
In Se54 we create authorization group.Authorization
group it self is empty.we map the tables to it. the default
authorization group is SC.

1)Hit SE54
2)Choose AUTHORIZATION GROUP
3) click on CREATE/CHANGE button.

4) Click on NEW ENTRIES


Enter Authorization group name in AUGR filed,max limit
is 4 characters and Enter description

Click on CREATE REQUEST or OWN REQUEST(here am
showing" create request")


Here SHORT DESCRIPTION is mandatory. maintain
meaning full description to identify easily.
usually every company has their own naming convention.


How to map the tables to authorization group and to add
authorization group to roles...
1)Choose ASSIGN AUTHORIZATION GROUP
2)Click on CREATE/CHANGE

3)Choose TABLE NAME and AUTHORIZATION GROUP


Enter table names what ever you want give access to user
in FROM and TO and also
Hit authorization group name


Add Auth Group to Role :

Open PFCG and enter role.
5. Add T code SE16 in menu tab.


Go to Authorization tab ->change authorization data
6.Now Add authorization group name that you have
created in SE54 in AUTHORIZATION GROUP Field of
S_TABU_DIS.

You might also like