Solved: Transaction Codes to be secured in the Production ...

Former Member · ‎10-04-2007

Hi,

Can any one please tell me what are the transaction codes and the authorization objects that are to be secured in the production System.

Thank You!

KR

Former Member · ‎10-05-2007

Hi KR,

Please use the below link to find some critical transactions

http://www.sapsecurityonline.com/sox_sod/sox_critical_transactions.htm

Regards

Ravi

Former Member · ‎10-05-2007

Hi KR,

Please use the below link to find some critical transactions

http://www.sapsecurityonline.com/sox_sod/sox_critical_transactions.htm

Regards

Ravi

Former Member · ‎10-06-2007

Hi Ravi,

Thank You!, Your reply really helped me. Points assigned

KR

Former Member · ‎10-07-2007

GKKR

please be aware that that list is by no means definitive. A lot of those transactions can be substituted by a plethora of OY* transactions. Other glaring omissions include MMPV - why isn't OB52 there? SE38 & SA38 are included but not many other ABAP workbench transactions that allow you to navigate to functions that you want to protect.

Most importantly you need to look at your S_* auth objects.

S_USER*

S_RZL_ADM

S_LOG_COM

S_RFC

S_DEVELOP

S_BTCH_ADM

and many others need addressing. Take a look at the object documentation for each (via SU21) to understand what they control

Former Member · ‎10-10-2007

Here are some other tcodes that needs to be secure in Production

OY20 - Authorizations

OY21 - User profiles

OY22 - Create sub administrator

OY24 - Client maintenance

OY25 - CS BC: Set up Client

OY27 - Create Super User

OY28 - Deactivate SAP*

Transaction Codes to be secured in the Production System