Table Access Enforcer (TAE)

Restrict access to tables and table content based on Fieldvalues and customizing without custom development.

Big Picture

A lot of companies using SAP have taken the decision to restrict the use of SAP standard transactions such as  SM30 (Maintenance View) or SE16 (Data Browser) for end users. These decisions are most often taken for concerns regarding data protection or security reasons.

However, there are cases where the end users must access data or maintain some data, even on production systems. The customers then have to develop their own program or API for each request. These developments are expensive, must be maintained and over time, the customer loses the main reason for the interdiction of the SE16 and SM30 transactions, namely the restriction on access to display or modify SAP-tables.

Features

Central overview of all accessed tables

A central overview of all accessed tables for maintenance or display by endusers.

Authorization Check for Each Table Including Content

The authorization check not only includes which table a user can access, but also what data within this table is allowed to be viewed or modified. For instance a user could be restricted only to view data belonging to company code 1000.

Avoid customer development

No customer development is needed for data access or view maintenance, as the creation of transaction variants for table maintenance is optional.

Full SE16 functionality

Have almost all functionality of the SE16 transaction (pre selection, Excel, Download, ..) for the TAE data browser.

Full SM30 functionality

Have almost all functionality of the SM30 transaction (Filter, save, print, ..) for the TAE-view maintenance

The following applications are delivered in the Table Access Enforcer

  • Maintenance View Enforcer

  • Data Browser Enforcer

  • Customizing TAE

Maintenance View Enforcer

Administrative units require a display and a maintenance access to SAP tables. When executing the transaction SM30, the corresponding SAP view is called. In most cases, the name of the SAP view matches the name of the table. If this is not the case, you can find the view by clicking the button “Find Maintenance Dialog”. Without TAE at least one transaction to access and/or modify data in the view for each SAP-view has to be created. The customer was also not able (except with further development) to filter/hide unauthorized data within the SAP-View. This leads to a multiplication of the SAP developments and then a low acceptance because of the costs of these developments. The Maintenance View Enforcer solves these issues by using customizing instead of development.

Data Browser Enforcer

Administrative units require an authorized and secure browser access to SAP tables. So far, for each table access, an ABAP program which extracts the data of a SAP table has to be created. These programs are easy to develop, but still need some reaction time until the developer resource is found. Another issue is that you do not have the possibility to easily pre-select data. The Data Browser Enforcer is an application which solves these issues by using customizing instead of development.