04-22-2009 3:29 PM
Hello peers,
In my company we have some roles with access to S_TABU_DIS, Activity 01 or 02. I am in the process of role clean up. Can anyone tell me how should I approach this situation and what should I ask process owners to justify the access? What are best practices suggested by SAP? Your response will be appreciated.
04-22-2009 3:48 PM
Hi Friend
Actvt 01 and 02 for S_TABU_DIS is not necesarily a problem, as long as it is only to specified authorization groups. Have a look in the profile generator, if the authorization is "Standard" I wouldn't change it.
If it's to authorization group &NC&, or even * I would deactivate the object, any value required should be discovered in the test phase. (And remember, never assign access to authorization group &NC&, always assign your tables to an authorization group in SE54)
Regards
Morten Nielsen
04-22-2009 8:25 PM
Hello Friend
As rightly mentioned by Morten there should be no S_TABU_DIS 01/02 with * or &NC&.
You need to advise process owner / functional that all tables should have auth group associated with the tables and this is the best practice suggested by SAP.
Thanks
Santosh kumar
04-23-2009 6:12 AM
Hi
As per my knowledge the process owners always want table view access on daily basis very rarely they want change/create access.
1. Please ask process owners for the list of SAP tables that they want access on daily basis / occasional basis of the table view/change access. List of all the tables and their authorization groups using SE54
2. Clean up the roles, remove the activities 01, 02 from S_TABU_DIS object and maintain activity 03 with valid authorization groups to the respective tables.
3. Create emergency roles for the 01 & 02 activates, assign them whenever user request with valid approval workflow.
Not only S_TABU_DIS object also look into the object S_TABU_CLI object is very crucial.