Skip to Content
avatar image
Former Member

Various Ways to add Z t-code as risk in the system

Hello Team,

In my project, we have almost 80 t-codes that are customized(Z - Tcodes).

All these t-codes are either calling a std t-code or accessing some std tables.

Please note that :- Authority check statement is not maintained for any of the z-tcodes.

In GRC, we have maintained them as risk via two ways:-

1. Adding them as critical action

2. Adding the same t-code in 2 different function (Permission level is not maintained)

Please let me know if there are more other method to achieve the same

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jul 15, 2016 at 12:25 PM

    Hello Mili,

    If a custom tcode is similar to a standard tcode or basically calls a standard tcode, you might want to add the custom tcode into functions where the corresponding standard tcode exists.

    If a custom tcode reads a table then you might want to add it to functions where SE16 / SE17 is available. However, here you would want to add specific auth object values in permission list too.

    In any case, it is best to tag permissions, because having risk analysis only based on tcodes does not always give necessary results.



    Add comment
    10|10000 characters needed characters exceeded