Hi,

This time I would like to focus on some security features. The data provisioning UI in the HANA Modeler shows the complete table dictionary that is available on the source system – so you can easily click and choose the table you would like to replicate. When you think about security and authorizations – in some cases you would like to restrict the tables which can be replicated to HANA.

How can you achieve this?

SLT comes with a control table on the source system, IUUC_TAB_ALLOWED. As long as the table remains empty, all tables are considered for load / replication. Once a first table is maintained in IUUC_TAB_ALLOWED, only the tables maintained there are allowed for replication.

DMIS 2011 SP6 and higher:

The fields in table IUUC_TAB_ALLOWED are described below:

| Field | Description |
| --- | --- |
| SLT_SID | The SAP LT Replication Server system ID. |
| CONFIG_GUID | The SAP LT Replication Server system configuration |
| TABNAME | The source system table name. |
| ALL_CLIENTS | In this field, you can specify whether the configuration can only access the client specified in the RFC connection associated with the configuration (a blank entry) or whether the configuration can access data in all clients (an X). Note that read access to a single client is only possible if the option Read from Single Client was set to active when you created the configuration. If this flag is not active, and the field ALL_CLIENTS contains a blank entry, then read access will be completely blocked. |

Examples

| SLT_SID | CONFIG_GUID | TABNAME | ALL_CLIENTS | Description |
| --- | --- | --- | --- | --- |
| | | SFLIGHT | X | Every configuration in every connected SAP LT Replication Server system can access data in table SFLIGHT in all clients. Read access to all other tables in the source system is blocked. |

| SLT_SID | CONFIG_GUID | TABNAME | ALL_CLIENTS | Description |
| --- | --- | --- | --- | --- |
| SLT | 4713 | SFLIGHT | X | Configuration 4713 from the SAP LT Replication Server system ‘SLT’ can access data in table SFLIGHT in all clients. Read access to all other tables in the source system is blocked. |

| SLT_SID | CONFIG_GUID | TABNAME | ALL_CLIENTS | Description |
| --- | --- | --- | --- | --- |
| PLT | 1234 | C1ES_GO | | Configuration 1234 from SAP LT Replication Server ‘PLT’ can only access data in table C1ES_GO in the client specified in the RFC connection, but only if the ‘Read from Single Client’ option has been set when the configuration was created. If not, then the read access to this table is completely blocked. |

4711

| SLT_SID | CONFIG_GUID | TABNAME | ALL_CLIENTS | Description |
| --- | --- | --- | --- | --- |
| SLT | 4711 | SFLIGHT | X | Every configuration in every connected SAP LT Replication Server system can access data in table SFLIGHT in all clients. Read access to all other tables in the source system is blocked. |
| SLT | | SPLANE | | |
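
The SP6+ rules above, modelled in Python as an added example (not SAP code and not part of the original post). The class and function names are hypothetical, and treating a blank SLT_SID or CONFIG_GUID as "matches any" field by field is an assumption generalised from the first example row.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AllowedRow:
    """One IUUC_TAB_ALLOWED entry; '' stands for a blank field."""
    slt_sid: str
    config_guid: str
    tabname: str
    all_clients: str  # 'X' or ''

def read_access(rows, slt_sid, config_guid, tabname, single_client_config):
    """Classify one read request against the control table contents."""
    if not rows:
        return "unrestricted"  # empty table: every table may be replicated
    matches = [
        r for r in rows
        if r.tabname == tabname
        and r.slt_sid in ("", slt_sid)           # assumption: blank = any system
        and r.config_guid in ("", config_guid)   # assumption: blank = any config
    ]
    if not matches:
        return "blocked"  # table is not on the allow list for this caller
    if any(r.all_clients == "X" for r in matches):
        return "all_clients"
    # Blank ALL_CLIENTS: only the RFC client, and only for configurations
    # created with 'Read from Single Client' active.
    return "single_client" if single_client_config else "blocked"

def review(rows):
    """Return findings a source-system owner would want to look at."""
    if not rows:
        return ["table is empty: no replication restriction is in force"]
    findings = []
    for r in rows:
        if not r.slt_sid and not r.config_guid:
            findings.append(f"{r.tabname}: readable by every SLT configuration")
        if r.all_clients == "X":
            findings.append(f"{r.tabname}: readable across all clients")
    return findings

# Constructed sample rows, taken from the example entries above.
SAMPLE = [
    AllowedRow("SLT", "4713", "SFLIGHT", "X"),
    AllowedRow("PLT", "1234", "C1ES_GO", ""),
]

if __name__ == "__main__":
    for req in [("SLT", "4713", "SFLIGHT", False), ("SLT", "4713", "SBOOK", False),
                ("PLT", "1234", "C1ES_GO", True), ("PLT", "1234", "C1ES_GO", False)]:
        print(req, "->", read_access(SAMPLE, *req))
    print(review(SAMPLE))
```
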

Before DMIS 2011 SP6:

Different options:

1. No table defined

No restrictions defined. Therefore all tables are allowed for load and replication.

2. Some tables defined, ALL_CLIENTS set to space

Only the defined tables can be replicated to HANA (in this example: MARA, MARC, MARD). The respective configuration must be defined as client specific replication.

3. Some tables defined, ALL_CLIENTS set to X

Only the defined tables can be replicated to HANA (in this example: MARA, MARC, MARD). The respective configuration can be defined as client specific or cross client replication.

Example

a.) Now an example with tables SFLIGHT / SBOOK and SCARR – SCARR is in replication.

b.) Use transaction SE16 on the source system to restrict the allowed table. In this example a new entry for table SFLIGHT was created.

c.) Back on the HANA Studio – choose SFLIGHT and SBOOK for replication.

d.) What will be the result? The table SFLIGHT will be replicated because you created a record in IUUC_TAB_ALLOWED. Table SBOOK will be displayed with status “Error”, because no record in IUUC_TAB_ALLOWED is specified.

All other tables – that were in replication before you added a record to IUUC_TAB_ALLOWED – will stay in the same mode.

e.) What will happen when you want to stop table SCARR?

The table SCARR is not part of the allowed tables and cannot be stopped from replication. So you will see an entry that the “Stop” leads to an “Error” and a second entry that table SCARR is in action “Replicate” and the status is still “In Process”.

f.) Add SCARR to table IUUC_TAB_ALLOWED so that you can stop the replication.

g.) Stop the replication for table SCARR.

You can see – SCARR switched to Replicate/Executed. This indicates that the table was stopped for replication.

This is all about how the table IUUC_TAB_ALLOWED can be used to restrict the tables that are allowed for replication. Please note that this only works for SAP source systems. I hope this gave you some more insight into this feature. Let me know if you need more details.

Best,

Tobias

9 Comments

  1. Kamaljit Vilkhoo

    Thanks Tobias.

    Your blogs have been very helpful.

    Typically changes and access to ECC source system is very restrictive.

    Is there a way to manage this control from SLT system?

    Also how to determine config_guid?

    Kind Regards

    Kamaljit Vilkhoo

  2. Joydeep Gupta

    Hi Tobias,

    We can Pause the Replication for a Particular table from LTRC if it is not required for the time being & once it is needed we can Resume it.

    What additional advantage it would provide us if we use IUUC_TAB_ALLOWED? It would be really helpful if you can explain that.

    1. Tobias Koebler Post author

      The function is to restrict the access in landscapes, where a 3rd party hosts your SLT system and you want them only to access a subset of tables.

      Best,

      Tobias
