06-27-2014 3:30 PM
Hi guyz,
In relation with the post below, I just want to ask if there is other way to access TCODEs you are not authorized to access aside from debugging in SE93 or SM37?
http://scn.sap.com/message/15149782#15149782
Thank you!
Loed
06-27-2014 3:38 PM
I am not saying you should do this, but, all transactions are in TSTC.
You could try to go to SE16, and simulate in debug mode SE93..
06-30-2014 7:19 AM
Hi Tom,
What do you mean by all transactions are in TSTC? Is it a tcode? Coz I tried it in BW server and the error message is TRANSACTION TSTC IS UNKNOWN..
Thank you!
Loed
06-30-2014 1:50 PM
TSTC is table. I find some of the other answers far more convenient and enlightening.
07-02-2014 4:30 AM
06-27-2014 3:41 PM
Hi Loed,
The best way to debug transactions you do not have access to is to request authorisation to those transactions. If it is a necessary part of your role to have this access then it should be granted, if it is not you shouldn't be accessing them by any back door means.
Regards,
Nick
06-27-2014 3:46 PM
If you have the authorization to change variables in debug mode, then that is an explicit authorization to the whole system.
06-27-2014 5:26 PM
Agreed, badly designed authorisation roles can always give you access to more than was intended.
However, if you need to use debug to access a transaction then that doesn't constitute explict authorisation. Your attempt to run the transaction by conventional means will have explicitly told you that you are not authorised to do so. You can seek to exploit other means to access the transaction, but you are doing so with full knowledge that this is outside the defined scope of transactions in your authorisation role.
Regards,
Nick
06-30-2014 7:22 AM
Hi Nick,
Yeah I just request access on my client to tcodes that I need to access..
I just became curious when I saw the thread I have posted that's why I created this post..;-)
Loed
06-28-2014 4:46 AM
06-29-2014 12:14 PM
hi, the procedure provided below is not advisable but for some cases might be helpful. please be advised that all security must be followed as best practice still.
1. Go to SE37 and execute SCCA_CALL_TRANSACTION in debugging.
2. Click F6 and change value of sy-subrc to 0.
3. Click F8. You may now use the tcode.
06-30-2014 7:17 AM
Hi Jovee,
Sorry for that, I mistyped the title..It should be SE93 and SE37..I already know how to debug on both tcodes..I'm just curious if there are still other ways to access tcodes which are not assigned to you aside from debugging using those tcodes..
Thanks anyway for reply..=)
Loed
06-30-2014 8:03 AM
Hi,
You can try the function module 'ALINK_CALL_TRANSACTION' by passing the t-code required to be accessed.
Regards
Gangadar
07-01-2014 2:36 PM
Hi Gangadhar,
As I have said, what if I don't have access in SE37 or SE93? Can I still access tcodes I am unauthorized?
07-02-2014 2:45 AM
07-02-2014 4:32 AM
Ah, I thought there are other ways aside from debugging or accessing SE37/SE93..
Thanks for your reply Jovee..
07-02-2014 4:53 AM
There's none because it defeat the purpose of putting security and authorizations in place. only way you can do it is by changing values of the sy-subrc in debugging mode. This is also the reason why debugging access is set to read only in production to avoid unnecessary execution of programs/transactions in the system.
07-02-2014 5:28 AM
06-30-2014 8:07 AM
HI
you can use SE37 (for FM)
then CC_CALL_TRANSACTION_NEW_TASK
and execute this FM..
Thanks!
07-01-2014 2:38 PM
Hi Krishna,
Aside from debugging in SE37 or SE93, can I still access tcodes I am unauthorized?
06-30-2014 2:01 PM
hi,
having debugging option makes you able to debug any tcode somehow.
typing /h into the tcode-field enables debugging. the next action you do is starting the debugger
thats why only trusty people should have debug-authorization
by the way: post http://scn.sap.com/message/15149782#15149782 is restricted
regards
Stefan Seeburger
07-01-2014 2:46 PM
What do you mean mate by post is restricted in that link?
Are there other ways to access tcodes which I don't have authorization for and without using SE37 or SE93?
07-01-2014 3:51 PM
Hi Loed,
i cant open your link - access denied.
without beeing in any transaction you can type /h in the transaction-code-field. Then you can type in the transaction-code you want to enter/debug. set breakpoint on authority check and "sy-subrc = 0" all requests. You will be able to use this transaction after accepting each authority-check. the bigger the transaction the more uncomfortable this is.
regards
Stefan Seeburger
07-02-2014 4:43 AM
Here is the link mate:
http://scn.sap.com/message/15149782
For example, I am in the main window (the window after logging on), after entering /h where will I type the transaction code I want to access?
07-02-2014 10:24 AM
Hi Loed,
you type both in the transaction field.
type in "/h" --> enter --> type in "LSMW" --> enter --> "debugger is starting" --> set breakpoint at command "authority-check"
regards
Stefan Seeburger
07-03-2014 10:38 AM
Yeah, already tried it mate but can't make it work..I tried accessing ST22 (see below posts with Pranav Agrawal)..
Loed
07-02-2014 4:41 AM
Hi Loed,
I would say the ultimate solution to your query is to use sy-subrc check flag and then after authority-check i.e. in SAP system, most of the authorizations are maintained via Authority-check followed by check on sy-subrc if sys-cubrc check fails then a error is thrpwn stating "No authorization".
I would recommend you to primarily put /h in command box followed by the required TCODE and then after followed by breakpoint at statement authority-check, after that you will stop at all the instances where authority-check will get executed you just need to pass the failure of sy-subrc and the you can debug the required t-codes.
Please validate the same at your end as well, please drop backa a reply in case you require further inputs.
BR/Thanks
Pranav Agrawal
07-02-2014 5:26 AM
Hi Pranav,
I tried this but I can't make it work..I can debug but I think there are so many sy-subrc that you need to bypass..There is also lv-subrc something that was used and equated to sy-subrc..I also saw the authority-check command but it's not the only authorization command that is needed to bypass..
Anyway. thanks for the help..=)
By the way, did you already try this? Did you make it work?
Thank you!
Loed
07-02-2014 6:48 AM
Yes Loed, at once I wanted to use LSMW transaction, and I was not having the access, but by by-passing sy-subrc 5-6 times I was able to operate the LSMW Transaction.
Anyways I would suggest when you are using this said method, you need to by-pass all the authority-check sy-subrc passes.
BR/Thanks
Pranav Agrawal
07-02-2014 7:47 AM
Ok mate I will just try it again..By the way I'm trying the ST22 tcode here..
Thank you..
Loed