Authorization Object S_TABU_DIS (Table Maintenance)

Definition

Authorization object that enables authorization checks for displaying or editing table content. This object controls access though standard table maintenance functions (transaction SM31), extended table maintenance functions (transaction SM30), or the Data Browser. This includes access through the Customizing system.

Use

With this authorization object you can, for example, restrict access just to data in table entries defined in this object; even if the user who wants to access the data has authorization for transaction SE16 (and therefore for all ABAP Dictionary objects). In this way, you can prevent system administrators from accessing application data. Once you implement this authorization object, only those table entries can be modified or displayed that have been given the appropriate authorization in S_TABU_DIS.

Structure

The object consists of the following fields:

Authorization Field

Long Text

DICBERCLS

Authorization group

ACTVT

Activity

Further Information About the Fields

·          The DICBERCLS field contains the authorization for tables according to the authorization classes in table TDDAT. Here, you specify the names of the permitted classes. Table classes are defined in the table TBRG.

·          The ACTVT field contains the permitted operations. It can take the following values:

02:Change (add, modify, or delete table entries)

03: Display table content

Integration

If you want to protect cross-client tables, you can add the authorization object S_TABU_CLI to the general table maintenance authorization with S_TABU_DIS.

If you want to implement more detailed table maintenance authorizations (for example, if you want to protect country-specific data records in tables with data from more than one country (such as T510A)), then you can use the authorization object S_TABU_LIN.