SE54: Assigning an authorization group to table &SM31&

Has anyone out there tried to assign an authorization group to the symbolic table &SM31& in transaction SE54?
Any success in using it?
Cheers,
Julius

Thanks Bernhard!
> But what I did find was [SAP Note 42563|https://service.sap.com/sap/support/notes/42563] .
> ...-->it's from 1997....!!
Note that the SM31 refered to in the note is not the SM31 we know today. It looks like SAP renamed it to SM31_OLD and replaced by a new SM31 (and the current settings option). The alternative having been changing miles of code, this seems reasonable but can be confusing (release dependently).
> Don't know if this is still used, as the check is in Rep.s SAPMSTBM, which is used in TX SM31_OLD, SM32, SM33 only.....
My rule of thumb is: If something is possible, then someone out there is either already doing it, or still doing it...
Cheers,
Julius

Similar Messages

  • ASSIGN AN AUTHORIZATION GROUP TO MANY TABLE

    Hello,
    I have several hundreds table to assgin an authorization group zaut.
    Is there any easy way to do it?
    I do not want to go se54 and change all table authorization group one by one.
    Please help.
    Thanks,
    Jeongbae

    Use Tcode SM30V_DDAT to assign the Authorization Group to multiple tables.
    Regards,
    Naimesh Patel

  • Define and assign user authorization groups in FI

    Hi All,
    In order to allow some specific group of users to post in AUGR allowed periods, how do I define and assign user authorization groups in FI?
    Thanks,
    Teo

    Hi Teo,
    Here i am giving some authorisations in fi
    F_AVIK_BUK FI Payment Advice: Authorization for Company Codes
    F_BKPF_BED FI Accounting Document: Account Authorization for Customers
    F_BKPF_BEK FI Accounting Document: Account Authorization for Vendors
    F_BKPF_BES FI Accounting Document: Account Authorization for G/L Accounts
    F_BKPF_BLA FI Accounting Document: Authorization for Document Types
    F_BKPF_BUK FI Accounting Document: Authorization for Company Codes
    F_BKPF_BUP FI Accounting Document: Authorization for Posting Periods
    F_BKPF_GSB FI Accounting Document: Authorization for Business Areas
    F_BKPF_KOA FI Accounting Document: Authorization for Account Types
    F_BKPF_VW FI Acc. Document: Change/Display Default Vals for Doc.Type/PKey
    F_BL_BANK FI Authorization for House Banks and Payment Methods
    F_BNKA_BUK FI Banks: Authorization for Company Codes
    I hope it will help.
    BR,
    Satya

  • Authorization Groups and table TBRG

    In our system we have tables which are using custom authorization group ZEXC.  I am looking at this via SE11 Table Maintenance Generator or SE54 Assign Authorization Group.
    I can also see that it is assigned to roles by using SUIM -->Roles-->By Authorization values -->entry auth object (S_TABU_DIS) and click on entry values.
    What I am not seeing is that the authorization group is defined in table TBRG.
    So my question is....  An authorization group does not need to be defined in order to attach it to a table or assign it to a role?  If the authorization group was created then deleted is it still valid to have it attached to tables and roles?

    Hi Sharon,
    Assign the authorization to user and make it inactive mode.Then authorization will be deactived to tat particular user's.

  • Authorization group for table maintenance view

    I  need to create table maintenence view for a custom table, client provide name for auth. group, but no clue how to create auth. group.
    can someone provide the steps to do this?

    Hi,
    Follow below steps to create table maintenance for a table and to assign authorization group to a table:
    step1: Go to SE11 enter the table name
    step2: In the standard toolbar you will find UTILITIES
    Go to UTILITIES -> TABLE MAINTENANCE GENERATOR
    You will go to first screen of Table maint. gen.
    Here you will find to enter authorization group.
    Thanks and Regards,
    Shravan G.

  • Assigning the Authorization group to particular transaction code

    Hi,
      How do we Assign the Aughorization group to particular Transaction code with authorization object. Is there any transaction code ?
    if anyone know, please let me know.
    With Regards,
    Prasad.

    The Tcode is tied to a Program & you can assign the Program to an Authorization Group via its attributes. I don't think there is an option to directly attach a Tcode to an Authn Group.
    ~Suresh

  • Check available authorization groups

    Hi ,
    if a custom table needs to be assigned to an authorization group in SAP.
    Which is the transaction to check users assigned to an authorization group?
    Currently i have an idea that Assigning and Creating authorization groups are dealt in SE54 but i cannot find a way to check
    whether users are assigned to an authorization group...!!!
    thanks
    kritika

    Checking Assignment of Authorization Groups to Tables:
    You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    See also:
    ·        SAP Notes 7642, 20534, 23342, 33154, and 67766
    ·        Documentation for RSCSAUTH
    Hope this helps.... if not check the following link
    If you still don't find, search google 'table authorization groups in sap' - There are good info on web.
    You can assign the authorization group to any custom table via SE11 - table - display - utilities - assign authorization group and rest follow the sap help (where to maintain and how to assign) .This is a developer and security persons work.

  • SE54 Change Authorization Group

    Hi all,
    I have an immediate need -- a previous developer created a table view and generated a function group for maintenance. The authorization group they assigned was incorrect so I need to change it. How can I do this?
    I went to SE54, changed the authorization group, then hit the "Change" button. It pops up asking for a "Reason for Change". My questions:
    1. Will this overwrite the funciton group and generate a new one? I do not want this to happen.
    2. Does it matter what reason I choose? There is not one for authorization group change.
    Thanks in advance. Points will be awarded for helpful answers.
    Message was edited by:
            John S

    Has anyone else encountered this problem? I have still not been able to find a solution.
    A recap:
    1. A previous developer created a custom table and a maintenance view to edit that table. Using the table maintenance generator he also developed some custom functionality and created a custom transaction to call this in SM30.
    2. The table and maintenance view were created with &NC& authorization group.
    3. We created a new authorization group that we need to assign to the maintenance view.
    4. Somehow the auth group for the custom table was changed to the new auth group.
    5. We have been unable to change the auth group for the maintenance view using a variety of ways.
    Does anyone have any suggestions?

  • Authorization Group in se38

    Hi everybody,
    what is the use of Authorization group in se38 attribute? can we create and assign our own one?
    The actual scenerio which i am facing here is My report should not be viewed by some grop of  users. My friend is saying i can do that through the above said one. But i know i can do that using AUTHORITY-CHEK.  What i am asking here is can i accomplish this task by the above said attributes.
    Points will be awarded.
    Thanx in advance.
    Gladiator

    Hi,
    Authorization Checks
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
    ·Starting SAP transactions (authorization object S_TCODE)
    Starting reports (authorization object S_PROGRAM)
    Calling RFC function modules (authorization object S_RFC)
    Table maintenance with generic tools (S_TABU_DIS)
    Checking at Program Level with AUTHORITY-CHECK
    Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
    AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
    The access protection system must ensure that only authorized individuals have access to the system and to particular data. For achieving precise application security concerning authorization and to protect confidential data against unauthorized access it is very important to focus on the use of authorization groups.
    The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.
    The table that contains all authorization objects is TOBJ.
    The table that contains all activities is TACT.
    The table that contains definition of all authorization groups is TBRG.
    TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.
    The field name for authorization group -- BRGRU -- is used to make additional restrictions on authorizations /e.g. for document maintenance/. In authorization objects and authorization checks, there are fields which are checked to verify user authorizations. Customizing objects are combined in authorization groups, and the authorization group is one of the two authorization fields, for example, in authorization object S_TABU_DIS which is in the object class BC_A (Basis - Administration). This object is for displaying or maintaining tables. It controls access using the standard table maintenance tool (transaction SM31), enhanced table maintenance (SM30) or the Data Browser (SE16), including access in Customizing.
    Authorization object S_TABU_DIS has the following fields: DICBERCLS - Authorization group, maximum field length is four characters; and ACTVT - Activity (02: Add, change or delete table entries, 03: Only display table contents).
    Generally, SAP standard tables are assigned to authorization groups. These assignments can be changed. You can then assign tables manually to a suitable authorization group. To do this, start Transaction SM30 for maintenance view V_DDAT, and create an entry for each of these tables. In V_DDAT is stored the assignment of Tables/Views to Authorization Groups. V_DDAT is cross-client; therefore, it can be viewed and used in all clients.
    Note: If you don't make a selection, all tables maintained in Customizing transactions are assigned to authorization groups.
    Reward If Helpfull,
    Naresh.

  • Association of authorization group with authorization object

    Dear Colleagues,
    We are using ECC 6.0 system. There is a transaction EMMAC2 where in the user would pick the case categories & view/make changes as required in the cases.
    However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
    This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
    We would like to control this via authorization groups
    We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
    Meaning, the end result should be such that, when that new authorization group is added in BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created
    If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
    But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
    Can someone please let me know the steps on how to achieve it or any other method to achieve it(for above underlined text)?
    Does a developer or functional consultant also need to be involved in this?
    PS: I tried to search in Google & our forums but could not get any answers

    Dear Aninda,
    Thanks for the help.
    I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
    A case category was then assigned to this auth group
    We tested it - below are the results:-
    1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
    2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
    3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
    If I remove activty 03 (display), then the user is unable to display the case for the case category for which the user is  authorized.
    How to resolve this?

  • What is authorization group?

    Hi all,
    Can anyone tell me what is authorization group? I always come across this when I am inside pfcg and look into the authorization object.
    I know that authorization object groups authorization fields together. And authorization is an instance of authorization object. But how does authorization group fit into this model?
    I have read parts of the help manual that mention auth. group is used to manage Z tables, but they never mention the above relationship.
    Thanks.

    HI Jockey,
    The access protection system must ensure that only authorized individuals have access to the system and to particular data. For achieving precise application security concerning authorization and to protect confidential data against unauthorized access it is very important to focus on the use of authorization groups.
    The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.
    The table that contains all authorization objects is TOBJ.
    The table that contains all activities is TACT.
    The table that contains definition of all authorization groups is TBRG.
    TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.
    The field name for authorization group -- BRGRU -- is used to make additional restrictions on authorizations /e.g. for document maintenance/. In authorization objects and authorization checks, there are fields which are checked to verify user authorizations. Customizing objects are combined in authorization groups, and the authorization group is one of the two authorization fields, for example, in authorization object S_TABU_DIS which is in the object class BC_A (Basis - Administration). This object is for displaying or maintaining tables. It controls access using the standard table maintenance tool (transaction SM31), enhanced table maintenance (SM30) or the Data Browser (SE16), including access in Customizing.
    Authorization object S_TABU_DIS has the following fields: DICBERCLS - Authorization group, maximum field length is four characters; and ACTVT - Activity (02: Add, change or delete table entries, 03: Only display table contents).
    Generally, SAP standard tables are assigned to authorization groups. These assignments can be changed. You can then assign tables manually to a suitable authorization group. To do this, start Transaction SM30 for maintenance view V_DDAT, and create an entry for each of these tables. In V_DDAT is stored the assignment of Tables/Views to Authorization Groups. V_DDAT is cross-client; therefore, it can be viewed and used in all clients.
    Note: If you don't make a selection, all tables maintained in Customizing transactions are assigned to authorization groups.
    Check these links too..
    http://help.sap.com/saphelp_crm50/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/frameset.htm
    http://www.sap4.com/contentid-39.html
    Thanks,
    Susmitha
    Dont forget to reward points for useful answers.
    Message was edited by: Susmitha Thomas

  • Reasign authorisation group at table maintenance generator

    Hi All,
          I have a table, assigned with authorisation group as &NC&. Now I need to change to authorisation group created newly.
    If i change with newly created authorisation group in table maintenance generator level.
    My Qus:1. Need to generate the table maintenance generator for this again.
    2. Will it affect the users assigned to authorisation group.
    3. Wht i need to do to change this, and wht are its effects if i change the authorisation group.

    Hi,
    If the user is not assigned for the role he has to be assigned for that role.
    one role is assigned to authorization group.
    basis consultants will add the role of that group to that particular user.
    otherwise he cant change the entries of the table.
    so consult basis consultant for security role assignment.
    Thanks
    Parvathi

  • Authorization group,function group

    friends while creating a table maintenance view  it's asking  authorization group
    and function group ,what are those things and what to provide there.plesae tell me
    in detail.

    Hi,
    You can assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    Function group to which the maintenance modules are to belong. One function group can contain maintenance modules for several tables or views.
    – Authorization group
    – Maintenance type (one or two-step)
    – Maintenance screen(s) (one or two-step maintenance type, resp.) numbers
    Regards,
    Ferry Lianto

  • Hide price in ALL Tx accg to material authorization group or material group

    Hello,
    I'm currently working on a customer's need which consists in hiding the material price in all transactions (MM, SD, FI...), according to the material master authorization group OR the material group.
    The difficulty remains on the fact that users manage the transactions for other materials for which they can see the price.
    I've tested some solutions posted on the forum (Tx OMET + user parameter EFB, use of authorization objects M_BEST_EKG + M_BEST_EKO + M_BEST_BSA) but none is satisfying enough.
    Please tell me you have an idea that would prevent me from doing transaction variants + enhancements!!
    Thanks for your help
    Annabelle

    > I am unable to find out the Material or the Material Type that is linked with a material authorization group (QMATAUTH).
    >
    > Do we have a table where I can find the Material Types or the Materials contained in each material Authorization Group (Q_MATERIAL -> QMATAUTH).
    You can get teh details on QM authorization group through table TQ01D. YOu can go through the following post for list of QM tables and tcodes.
    QM Tables and T codes
    Thanks.
    Anjan

  • Authorization group restriction

    Hi ,
    I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
    --display access for documents asigned to authorization group FCAP
    --should not allow display for documents assigned to authorization group FCAR
    If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
    Please let me know your thoughts on this.

    Hi Mekha,
    You can add another object F_BKPF_BES manually and in the first one give
    display access for documents asigned to authorization group FCAP  and in another no display for documents assigned to Auth group FCAR
    **Reward points accordingly
    Junaid

Maybe you are looking for

  • Help me find my photos originally on iPad 1. No questions on the missing iPad 2 I just want my photos.

    I cannot get my photos on my ipad 1. I don't remember if I exported then on the device that was stolen

  • Use same player for images and video

    Greetings, I am working on a media player using Flash Pro CS4. I am totally new to Flash, but I do have experience coding in C#. I have included a URL to a media player used by the UFC. I'm trying to figure out how they have a single media player tha

  • No Two Way Sync For Notes?

    3Gs, latest iTunes and I got a sync message as to a conflict between Mail and the iPhone. One note did indeed have different text than the other but I wanted to keep both...no option and the tool doesn't merge the records. Is this normal? Do the note

  • How to reinstall (1st failed) SP4 udpate on same machine

    Dear All, We are on BOBI 4.1 SP2 and we are updating to SP4. This is imp as we want to integrate recent sharepoint server.  We are on SUSE linux. We got the tar files on shared location on Linux. This shared location is available on both Linux and HP

  • Speed/connection/customer service

    Hi everyone,  I was thrilled to move to BT Infinity 2 unlimited but soon caught up with various problem including online  speed and vision speed. I have contacted help line but got no where. They were so un helpful and even did not bother to solved m