February 24, 2014  

SAP: Table Access Management

A small change with big effect fra SAP has come in the area of table security.

SAP standard solution for table security has always been to group tables into authorization groups, which users then where granted access to using object S_TABU_DIS. Thereby granting access to all tables in the authorization group. For many years this has been the only standard solution for management of table authorizations.

A clear disadvantage has always been; what criteria should the table groups be based on? Criticality? Business area? Or something else? Regardless, management of the table groups means spending many resources on management of the table structure.

SAP’s solution is the introduction of security management on table name basis. So instead of grouping tables in authorization groups and then granting access to them, SAP has now made it possible to utilize S_TABU_NAME and directly assigning access to a specific table.

FANTASTIC!

See SAPs description in the below link or OSS note 1481950

http://help.sap.com/saphelp_nw73/helpdata/en/4c/a0ac7a68243b9ee10000000a42189b/frameset.htm

“To also protect tables that are not assigned to an authorization group, you can also use the authorization object S_TABU_NAM. It is integrated into the authorization check of the central function module VIEW_AUTHORITY_CHECK. In this case, the system first checks S_TABU_DIS. If this authorization check is not successful, the system also checks S_TABU_NAM.”

Tags: , , , , ,

About Kenneth Hartvig

In my professional life I have 4 great passions; SAP Security + Identity & Access Management + Business Development + Leadership. I am easily inspired with new ideas for business Development, and I do my best to contribute with my insight on how to make things better for my clients. As a leader a key focus point for me is; involvement - I want to know my employees. I want to involve them in the decision process. I want to create ownership and commitment. To me involvement is the best way of unlocking people's potential to becoming better. On the technical side my relationship with my first great love, SAP, started in 2002. Since then, through participation in various courses, seminars, conferences and of course many exciting projects, I have gained a broad experience in developing, implementing, managing, operating and auditing SAP security solutions. It was also in connection with simplification of SAP access management, I moved into the Identity & Access Management sphere. Since then I have completed several IAM projects with various software solutions, incl. Control SA, TIM, MS FIM and Omada.

3 responses to “SAP: Table Access Management”

  1. Jakob Brændgaard says :

    Great initiative and looking forward to follow.

    Reply
  2. John Vidrine says :

    I agree with JAKOB…thanks for the invite :-)

    Reply

Leave a comment