Skip to Content

Critical Tcodes and Security Objects

Please provide a list of Critical Tcodes(all Modules) and Critical Authorization Objects.

How to determine whether a certain a Tcode id Critical fro a Project?

Thanks in advance.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 26, 2007 at 06:57 AM

    Hi Gautam,

    hope this link helps you

    http://sapnetweavernotes.blogspot.com/search/label/SoD-%20Matrix

    thanks

    kishore

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 26, 2007 at 06:10 PM

    HI,

    Critacal T.CODES SA38,SE38,STMS,SE01. Like we have some tcodes which should not not have access to every one, specially sa38 and se38 in production server. if you want briefe go through with this link.

    http://help.sap.com/saphelp_nw70/helpdata/en/0e/4f8f40f3b19920e10000000a1550b0/frameset.htm

    <removed_by_moderator>

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 27, 2007 at 10:09 AM

    for database administration you have

    DB01 Analyze exclusive lock waits

    DB02 Analyze tables and indexes

    DB03 Parameter changes in database

    DB11 Early Watch Profile Maintenance

    DB12 Overview of Backup Logs

    DB13 Database administration calendar

    DB14 Show SAPDBA Action Logs

    DB15 Data Archiving: Database Tables

    DB16 DB System Check: Monitor

    DB17 DB System Check: Configuration

    DMIG Start Transaction for Data Migration

    DB2 Select Database Activities

    DB20 DB Cost-Based Optimizer: Tab. Stats

    DB21 DB Cost-Based Optimizer: Config.

    DB24 Database Operations Monitor

    DB26 DB Profile:Monitor and Configuration

    DB2J Manage JCL jobs for OS/390

    DBCO Database Connection Maintenance

    AL02 Database alert monitor

    AL09 Data for database expertise

    ST04 Select activity of the databases

    for system administration you have,

    OSS1 Logon to Online ServiceSystem

    SAINT Plug-in Installation

    SICK Installation Check

    SM01 Lock Transactions

    SM02 System Messages

    SM12 Display and Delete Locks

    SM13 Display Update Records

    SM14 Update Program Administration

    SM21 System log

    SM23 System Log Analysis

    SM28 Installation Check

    SM29 Model Transfer for Tables

    SM30 Call Up View Maintenance

    SM34 Viewcluster maintenancecall

    SM35 Batch Input Monitoring

    SM36 Batch request

    SM37 Background job overview

    SM38 Queue Maintenance Transaction

    SM39 Job analysis

    SM49 Execute Logical Commands

    SM50 Work Process Overview

    SM51 List of SAP Servers

    SM54 TXCOM maintenance

    SM55 THOST maintenance

    SM56 Number Range Buffer

    SM58 Asynchronous RFC Error Log

    SM59 RFC Destinations (Display/Maintain)

    SM60 Borrow/Return Objects

    SM61

    SM62

    SM63 Display/Maintain Operating Mode Sets

    SM64 Release of an event

    SM65 Background Processing Analysis Tool

    SM66 System-wide Work Process Overview

    SM67 Job scheduling

    SM68 Job administration

    SM69 Display/Maintain Logical Commands

    SMEN Dynamic menu

    SMGW Gateway Monitor

    SMLG Maintain Logon Group

    SMLI Language import utility

    SMLT Language transport utility

    SMOD SAP Enhancement Management

    SMT1 Trusted Systems (Display <-> Maint.)

    SMT2 Trusting systems (Display <->Maint.)

    ST06 Operating System Monitor

    RZ20 CCMS Monitoring

    SSAA System Administration Assistant

    SSCA Appointment Diary: Administration

    SRZL CCMS

    SSM1 Session Manager generation call

    ST01 System Trace

    ST02 Setups/Tune Buffers

    ST03 Performance, SAP Statistics, Workload

    ST05 SQL Trace

    ST07 Application monitor

    ST08 Network Monitor

    ST11 Display Developer Traces

    ST12 Application Monitor

    ST14 Application Analysis

    ST22 ABAP Runtime Error Analysis

    ST22 ABAP/4 Runtime Error Analysis

    ST62 Create industry short texts

    STAT Local transaction statistics

    STUN Performance Monitoring

    SQ01 SAP Query: Maintain queries

    SQ02 SAP Query: Maintain funct. areas

    SQ03 SAP Query: Maintain user groups

    SQ07 SAP Query: Language comparison

    SQVI QuickViewer

    SPHA Telephony administration

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 11, 2008 at 09:15 AM

    All transaction codes in SAP are more or less critical, when executed by incompetent users or people with malicious intents... there is no exhaustive list.

    In addition, limitations on t-codes need to be related to the underlying authorization objects in order to provide a fairly safe operating environment.

    As for creating a foolproof system, there's only one method: lock all users. 😊

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Simple answer, as long as you are in project mode In a DEV or QAS system, noting is really critical.

      What is really critical after go-live needs to be determined by your company, normally this is done by the department of the controller or something alike. Anyway it should be under the finance manager as he is personnally reponsible when something goes wrong!

      As for examples of critical TRX see other answers, although these are probably far from a complete list!