Former Member

SOX Critical Transaction

Hi Experts,

Can you please provide the most critical SOX transactions in SAP R/3?

Also, please provide the associated risk description.

Best Regards,

Jagat


3 Answers

  • Best Answer
    Former Member
    May 16, 2008 at 10:27 AM

    Hello,

    Although there might be many SOX-critical transactions, I have prepared a handy list of some of the most critical ones.

    TCODE  Description                       Risk
    F.80   Mass Reversal of Documents
    FI12   Change House Banks/Bank Accounts
    F.34   Credit Limit Mass Changes
    CA87   Mass Replace Work Center
    CL04   Delete Class
    CAT6   Human Resources
    IP30   Run Date Monitoring
    LN08   Number range maint.: LVS_LENUM
    PA20   Display HR Master Data
    PA70   Fast Entry
    PA30   Maintain HR Master Data
    PFCG   Role Maintenance                  System integrity, stability at risk
    MMPV   Close Periods
    MMRV   Allow Posting to previous Period
    RZ04   Maintain SAP Instances
    SU01   User Maintenance                  Should be restricted to User Admins only
    SA38   ABAP Reporting                    Can run programs not protected appropriately
    SCC1   Client Copy - Special Selections
    SCC4   Client Admin.                     System stability & integrity at risk
    SCC5   Delete Client                     System stability at risk
    SCC6   Client Import                     System stability & integrity at risk
    SCCL   Local Client Copy                 System stability & integrity at risk
    SE01   Transport Organizer               System stability & integrity at risk
    SE11   Data Dictionary Maint.            System stability & integrity at risk
    SE13   Maintain tech tables settings     System stability at risk
    SE16   Data Browser                      Exposure to confidential information
    SE37   Function Builder
    SE38   ABAP Editor                       System stability & integrity at risk
    SM01   Lock Transactions                 System stability at risk
    SM02   System Messages                   Should be restricted to System Admins only
    SM30   Table Maintenance                 System integrity & stability at risk
    SM49   Execute OS commands               System stability at risk
    SU02   Profile Maintenance               System stability and integrity at risk

    Thanks & Best Regards,

    Amol Bharti


  • Former Member
    May 19, 2008 at 08:10 AM

    All companies and auditors (external/internal) have a different view on what is a CRITICAL transaction, although there is probably a core. These lists change depending upon which version of SAP you are working with and, strangely enough, the countries you work in as well.

    I have a list of about 100 Tcodes that I obtained from a UK-based Big 4 team.

    Function ID Description        TCODE     T-code Description
    Process Vendor Invoices        MRRS      Evaluated Receipt Settlement
    Credit Management              F.34      Credit Management - Mass Change
    Archiving                      KA10      Archive cost centers (all)
    Archiving                      KA12      Archive cost centers (plan)
    Archiving                      KA16      Archive cost centers (line items)
    Archiving                      KA18      Archive admin: assess., distr., ...
    Archiving                      SARA      Archive Administration
    Archiving                      VARK      Archiving
    Basis Development              SE11      ABAP Dictionary
    Basis Development              SE13      Maintain Technical Settings (Tables)
    Basis Development              SE37      ABAP Function Modules
    Basis Development              SE38      ABAP Editor
    Basis Development              SE93      Maintain Transaction Codes
    Basis Table Maintenance        SE16      Data Browser
    Basis Table Maintenance        SM30      Call View Maintenance
    Basis Table Maintenance        SM31      Call View Maintenance Like SM30
    Basis Table Maintenance        SPRO      Customizing - Edit Project
    Basis Utilities                SE41      Menu Painter
    Client Administration          SCC1      Client Copy - Special Selections
    Client Administration          SCC4      Client Administration
    Client Administration          SCC5      Delete Client
    Client Administration          SCC7      Post-Client Import Methods
    Client Administration          SCC8      Client Export
    Client Administration          SCC9      Remote Client Copy
    Client Administration          SCCL      Local Client Copy
    Configuration                  RZ04      Maintain SAP Instances
    Configuration                  RZ06      Alerts Thresholds Maintenance
    Configuration                  SM63      Display/Maintain Operating Mode Sets
    Configuration                  SMLG      Maint.Assign. Logon Grp to Instance
    Configuration                  RZ10      Maintain Profile Parameters
    Configuration                  SM49      Execute external OS commands
    Configuration                  SM69      Maintain External OS Commands
    Create Transport               SE06      Set Up Transport Organizer
    Create Transport               SE09      Transport Organizer
    Create Transport               SE10      Transport Organizer
    Create Transport               SE01      Transport Organizer (Extended)
    Perform Transport              STMS      Transport Management System
    Security Administration        PFCG      Role Maintenance
    Security Administration        SM19      Security Audit Configuration
    Security Administration        SU01      User Maintenance
    Security Administration        SU02      Maintain Authorization Profiles
    Security Administration        SU10      User Mass Maintenance
    Security Administration        SU12      Mass Changes to User Master Records
    Security Administration        SU03      Maintain Authorizations
    Security Administration        SU05      Maintain Internet Users
    Security Administration        SU20      Maintain Authorization Fields
    Security Administration        SU21      Maintain Authorization Objects
    Security Administration        SU22      Auth. Object Usage in Transactions
    System Administration          OBR1      Delete Documents
    System Administration          SM01      Lock Transactions
    System Administration          SM12      Display and Delete Locks
    System Administration          SM51      List of SAP Systems
    System Administration          SM54      TXCOM Maintenance
    System Administration          SM55      THOST Maintenance
    System Administration          SM56      Number Range Buffer
    System Administration          SM58      Asynchronous RFC Error Log
    System Administration          SM59      RFC Destinations (Display/Maintain)
    System Administration          SMLT      Language Management
    System Administration          SPAD      Spool Administration
    System Administration          SM50      Work Process Overview
    Transport Administration       SE01      Transport Organizer (Extended)
    Transport Administration       SPAM      Support Package Manager
    Transport Administration       SE06      Set Up Transport Organizer
    Transport Administration       SE09      Transport Organizer
    Transport Administration       SE10      Transport Organizer
    Transport Administration       STMS      Transport Management System
    Maintain User Master           SU05      Maintain Internet Users
    Maintain User Master           PFCG      Role Maintenance
    Maintain User Master           SU01      User Maintenance
    Maintain User Master           SU10      User Mass Maintenance
    Maintain User Master           SU12      Mass Changes to User Master Records
    Maintain Profiles / Roles      SU02      Maintain Authorization Profiles
    Maintain Profiles / Roles      SU03      Maintain Authorizations
    Maintain Profiles / Roles      SU20      Maintain Authorization Fields
    Maintain Profiles / Roles      SU21      Maintain Authorization Objects
    Maintain Profiles / Roles      SU22      Auth. Object Usage in Transactions
    Maintain Profiles / Roles      PFCG      Role Maintenance
    Maintain Bank Master Data      FI01      Create Bank
    Maintain Bank Master Data      FI02      Change Bank
    Maintain Bank Master Data      FI06      Set Flag to Delete Bank
    Maintain Posting Periods       MMPV      Close Periods
    Maintain Posting Periods       OB52      C FI Maintain Table T001B
    Post Journal Entry             F.80      Mass Reversal of Documents
    Goods Movements                MB04      Subsequ.Adj.of "Mat.Provided"Consmp.
    Maintain Material Master Data  MMDE      Delete All Materials
    Maintain Purchase Order        ME59      Automatic Generation of POs
    Maintain Purchase Order        MEMASSPO  Mass Change of Purchase Orders
    EBP / SRM Product Maintenance  COMMPR02  #N/A


  • Former Member
    Apr 16, 2013 at 06:15 PM

    Hi Experts,

    Could you provide a list of critical SOX authorization objects in SAP R/3?

    Best Regards,

    Roberto Paiva
