Thursday, 23 February 2012

SAP SECURITY AUTHORIZATION: S_TABU_DIS has no 01 Activity

Given the high criticality and increasing complexity related to table access –
SAP® has introduced a new authorization object for a more refined
table access control.

The authorization object S_TABU_NAM was introduced last year.
This authorization object consists of two fields ACTVT (Activity)
and TABNAME (name of table or view).
This concept is valid for generic table access through transactions like SE16,
SE16N, SE17, SM30, SM31, SM34 as well as generic function modules
(e.g. RFC_READ_TABLE)

The authority-check was integrated in the function module
VIEW_AUTHORITY_CHECK as per Release 7x with corresponding
Support Packages (Please refer to OSS Notes 141950 and 1434284
for more details).

To make sure the new object is downwards compatible with the previous
checks on S_TABU_DIS and S_TABU_CLI where applicable;
the check will only be performed if the check on S_TABU_DIS was not successful.