Question:
Hi All,
If user does not have an Authorization to run a particular Transaction and if it's been tried with the statement:
Call Transaction <T Code>
The transaction can be executed as it's an Indirect call to the transaction and the Object "S_TCODE" is not checked during an Authorization check.
How can we disable the Indirect Execution of the Transaction through an ABAP Command: "Call Transaction <T Code>" ?
Thanks,
Saurabh.
Answer:
Use transaction SE97 to maintain the CALL TRANSACTION. It's straight forward, so it shouldn't cause too many problems.
Good luck
Answer:
Thanks henrik for the response.
I've got your point. But I want to restrict a User ID to run any transaction using the Call Transaction Statement.
I checked out SE97, in the Input Box against "Transaction" I specified one Transaction and executed, It showed the list of transactions which are inturn called by this transaction(If I'm correct).
So how do we restrict user to execute any transaction using the Call Transaction statement apart from specifying single transaction and specifying whether Authorization Checks to be executed for that Transaction or not?
Thanks,
Saurabh.
Answer:
Working as designed.
It was not until late 4.5 and above that SAP provided this option , there is no global setting you have to perform the task on every tcode. and some you will not want it to stop and other you will.
Answer:
Working as designed.
It was not until late 4.5 and above that SAP provided this option , there is no global setting you have to perform the task on every tcode. and some you will not want it to stop and other you will.
Agree with Dr. Jarboe. You may want to tell us what you are really trying to do and why . There could be a better way. You may also want to assess the risk. What is/isn't happening becuase you come at it with CALL TRANSACTIOn that won't/will happen if you access it directly?
You can always lock the transaction with SM02 but then you won't get to it no how.
_________________
bwSecurity
Answer:
Lo,
I have an example of that sort of problem:
Imagine an interface screen in SAP:
* an external system generates a flat file (expenses on items)
* you have written an ABAP program wich uploads the file in a SAPTableview (in a screen created in SE51), you can control all the lines and show to the user different error/warning messages in a column.
Friendly, not ?
* on the screen there is a button. If you click on it, a sub-program creates missing items with the datafile and with ABAP values. To do this, you use
a CALL TRANSACTION because you need to quickly get the messages and you don't want to wait for a BATCH and a plannified program to run the BATCH...
* if all the items are created (you are still in the first screen), you can click on an other button and the expenses are created...
I have developped that sort of big program and it works correctly and friendly (pictures, helps...). But to call "MM01", you need to have rights. Why ??? As you are in a specific transaction "Z*" and an unvisible CALL TRANSACTION ??? strange...
BAPI is the same ! I have tested lots of functions and you need to have SAP transactions rights.
IS IT POSSIBLE TO MANAGE RIGHTS OF ONLINE TRANSACTION CODE AND BACKGROUND TRANSACTION CODE FROM SCRIPTS (as ABAP, BAPI, VB....) ??
Resume: I don't want user to run "MM01" but I want them to run "ZMM01" which calls "MM01".
Best regards,
Arnaud
Answer:
IS IT POSSIBLE TO MANAGE RIGHTS OF ONLINE TRANSACTION CODE AND BACKGROUND TRANSACTION CODE FROM SCRIPTS (as ABAP, BAPI, VB....) ??
Resume: I don't want user to run "MM01" but I want them to run "ZMM01" which calls "MM01".
If you use your own Tcode, use Sm97 to set a called relationship between Zmm01 and mm01 so that MM01 is not required / i.e. is trusted.
If you use code to be executed via a module, the module (such as the BAPI´s you mentioned) will sometimes use the T_CODE you are wanting to avoid to make the posting / entry etc. Depending on the check and coding of the BAPI, it may be difficult to avoid this tcode.
Ned
Answer:
In some cases the S_TCODE check is hard coded and ther eis no work arround other than "copying" the tocde and removing the code or modify SAP code. or use Ned's suggestio nif hte S_TCODE is not hard codes.