Solution : https://service.sap.com/sap/support/notes/1434284 (SAP Service marketplace login required)
Summary :
SAP Note clarifies table access authorization mechanisms focusing on different transaction authorizations and table groups. It elucidates how the VIEW_AUTHORITY_CHECK module is central to various SAP transaction authentications, including SE16, SE16N, SM30, and more. This module handles checks for S_TABU_DIS and S_TABU_NAM objects based on whether tables belong to specified authorization groups in TDDAT or the dummy group '&NC&'. There are specific configurations involving Business Add-Ins for heightened authorization checks. The Note outlines how to structure access control exclusively through table authorization groups or a combination of groups and specific table names.
Key words :
maintain partially automated authorization default values, central fi customizing transactions support s_tabu_nam, authorization administration effort increases considerably, previous authorization concept basically prevented, create customer-specific table authorization groups, newly-created table group assignments, central function module view_authority_check, central check module view_authority_check 2, central check module view_authority_check, previous authorization concept based
Related Notes :
| 1703786 | |
| 1652663 | |
| 1639132 | |
| 1587228 | |
| 1569388 | |
| 1557803 | Correction of role SAP_BC_SEC_IDM_COMMUNICATION |
| 1557277 | SQVI/SQ01: No authorization check on S_TABU_NAM |
| 1541577 | Impact of S_TABU_NAM in Risk Analysis and Remediation |
| 1522661 | Enhancement of the function module VIEW_AUTHORITY_CHECK |
| 1516880 | Authorization check for generic table access (S_TABU_NAM) |
| 1507256 | Default authorization group assignment of BW tables |
| 1500054 | Additional tools for S_TABU_NAM authorization concept |
| 1481950 | New authorization check for generic table access |
| 1381945 | SM30: View Maintenance Authorization Enhancement |