Online Tutorials & Training Materials |
Register Login

Log analysis: Table is not in authorization group

|| 0

Log analysis: Table is not in authorization group

The report RSVTPROT (transaction SCU3) does not analyze table change logs and informs you that the relevant table is not contained in any authorization group.

This problem mainly occurs if you have selected "Evaluation for Tables" on the selection screen of the program.
The program is mainly designed for the "Evaluation for Customizing Objects" (for example, views, view clusters), and it first uses the authorization object S_TABU_DIS to check whether the user has a display authorization for the Customizing object.
Customizing objects are grouped together in authorization groups, and the authorization group is one of the two authorization fields in the authorization object S_TABU_DIS. However, the assignment to an authorization group is restricted to the Customizing object only. In general, the dictionary tables that are maintained within the Customizing object are not assigned to any authorization group.
Consequently, the report cannot execute an authorization check for the individual tables and does not carry out a log analysis.


1. Evaluation for Customizing Objects
              To evaluate changes to Customizing settings, you can

position the cursor on the required Customizing activity in the Implementation Guide (IMG) and choose the button 'Change Log' (F7).
choose the menu option "Utilities --> Change Logs" from the maintenance screen if this is a standard Customizing dialog.
enter the technical name of the Customizing object (if you know it) on the initial screen of the report RSVTPROT (transaction SCU3) and select "Evaluation for Customizing Objects".
2. Assigning tables to be evaluated to authorization groups
              The attached auxiliary report searches for the Customizing object whose object list contains a specified table, and it assigns this table to the authorization group that contains the Customizing object.

              The program lists tables that cannot be uniquely assigned. You can then manually assign these tables to a suitable authorization group. To do this, call transaction SM30 for the maintenance view V_DDAT and create an entry for each of these tables. (Use the maintenance view V_DDAT_54 as of Web Application Server 620.)


              If you do not make a selection on the initial screen of the auxiliary report, all of the tables that are maintained within Customizing transactions are assigned to authorization groups.

              As of Web Application Server 6. 10, you do not require the attached auxiliary report. In this case, use the report TAB_INTO_AUTH_GRP, which is available in the standard system.

              The program does not have a transport link.