SE16N and SAP_EDIT

SE16N - Sap Editing Activated

This is a continuation of the many different articles on this blog around security around tables. However, the articles till now has concentrated on the different methods provided by SAP to restrict access to tables. Today’s article on the other hand will talk about a common method of accessing tables, the security implications for this form of access and how we react as security consultant when faced with requests for this form of access. Continue reading “SE16N and SAP_EDIT”

What happens in June

Its been more than a month since I last posted in the blog.¬†Try as I might, I never seem to get around to posting as regularly as I would like to ūüôā¬†Still I am a firm believer in the philosophy that something is better than nothing, so the blog¬†lumbers on…….My current goal is to reach 100 posts in the blog and I am currently at 85. Lets see when I reach the milestone. Also, I am exploring a few new options at my work outside of SAP security. The result being that¬†my SAP access is now¬†limited to a solitary ECC sandbox. The reason I mention this here is to clarify that any new articles on any non ECC based articles would have to wait for a few months.

Database Views For Tables

Few aspects of SAP Security are as well explored by Security Consultants as security for Tables. SAP already provides a host of objects for controlling access to tables – S_TABU_DIS¬†for security through¬†table¬†authorization groups, S_TABU_CLI for client independent tables, S_TABU_LIN for row level security and S_TABU_NAM for security individual tables. The use of these different authorization objects have been documented elsewhere on this blog and I would not want to discuss any more of them here. However, lets take a different approach and think about a way to secure individual fields for a table or in other words column level security for a table. One of the ways to achieve these is through the use of database views. Please note that creating database view is not the job of a security consultant and in all probablity you would not have access to do it in any system. However its good to know of the option if ever the need arises.¬† Continue reading “Database Views For Tables”