05-13-2015 8:14 AM
Hi All,
I got a requirement to fix all security issues in a report.
In my report we are calling one custom Tcode using the statement CALL TRANSACTION.
But as per security fixes,i need to check authorization before calling the transaction.
for that I used FM AUTHORITY_CHECK_TCODE to check authorization for the tcode.
After addition of above code,it's showing authorization error for the user in production.
After R&D I got to know that, CALL TRANSACTION won't check for authorization for the TCODE.
Now its checking Tcode authorization in production.
But my doubt is YTOCDE is not assigned with any authorization objects not event S_TCODE in SU24.
in that case user should not get authorization error as there is not auth object assigned.
Can any one tell me why authorization is failing?
Thanks
Naresh
05-13-2015 8:24 AM
Hi Naresh,
Please read the below documetation related to authority check issue while calling tcode using CALL TRANSACTION.
05-13-2015 11:04 AM
Hi Nagamani,
1. Tcode is not assigned with S_TCODE authorization object.
2. There is no entry in the table TCDCOUPLES
As mentioned in the document if there is no entry in the above table FM skips the auth check.
But in my case its checking for authorization.What could be the reason?
3. I couldn't understand third point.what is that profile parameter?
Thanks
Naresh Bammidi
05-13-2015 11:18 AM
Hi Naresh,
Then maintain the TCDCOUPLES table with the values as
TCODE --- is your main program tcode
CALLED ---- is your YTCODE
AND
OKFLAG ---- 'N'
then the system will bypass all the authorization checks related to that called transaction.
and other way is check wether that user has authorization for that tcode in the production system or not. If not mainatin TCODE in the authorization object S_TCODE.
Regards
Mani