Authorization object that is used to check the authorization for displaying and maintaining table contents. This object controls users’ access to data only if they access the data using Standard Table Maintenance (transaction SM31), Extended Table Maintenance (SM30), the Data Browser or through Customizing.
You can use this authorization object to limit users’ access authorization so that, for example, users with authorization for the se16 transaction (that is, for all Data Dictionary objects) can only access data of the table entries defined using this authorization object. You can also deny system administrators specific access to application data, for example. As soon as you have set up this authorization object, you can edit or change only the table entries for which corresponding authorization has been granted explicitly by S_TABU_DIS.
The object consists of the following fields:
Authorization Field |
Long Text |
---|---|
DICBERCLS |
Authorization Group |
ACTVT |
Activity |
TheDICBERCLSfield contains the authorization for tables by authorization class according to table TDDAT. Specify the names of the permitted classes in this field. Table classes are defined in the TBRG table.
TheACTVTfield contains the permitted operations. The following values are possible:
02:Change (add, change or delete table entries)
03:Display table contents
You can enhance the general table maintenance authorization using S_TABU_DIS and the S_TABU_CLI authorization object. This protects cross-client tables.
If you have to make a stronger distinction between the general table maintenance authorization (for example because you need to protect country-specific data records in cross-country tables such as T510A), you can use the S_TABU_LIN authorization object.