Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

authorization object of transaction

Go to solution
former_member603176
Discoverer

‎02-13-2019 12:47 PM

Hi,

Im a beginner SAP Security.. and i have some doubts

How can i know which Object is linked to something in a transaction?

For example.. im in SU01 and i wanna know which object is linked to "edit" operation.

1 ACCEPTED SOLUTION

Go to solution
JanSchlichting
Active Participant

‎02-13-2019 1:05 PM

Hello,

for the start of the transaction you need S_TCODE.

Sometimes you need for the start more, that information is stored in table TSTCA.

So now to your question, what does the transaction require?

You can have a look at TX SU24:

Here are the authority objects listed. Proposal with "yes" is default.

So adding roles should be: S_USER_AUT. Of course you need the right activity also.

Regards

3 REPLIES 3

Go to solution
TammyPowlas
Active Contributor

‎02-13-2019 1:01 PM

Easiest way to to run an STAUTHTRACE on the user while the user runs the transaction. That will tell you everything

Go to solution
JanSchlichting
Active Participant

‎02-13-2019 1:05 PM

Hello,

for the start of the transaction you need S_TCODE.

Sometimes you need for the start more, that information is stored in table TSTCA.

So now to your question, what does the transaction require?

You can have a look at TX SU24:

Here are the authority objects listed. Proposal with "yes" is default.

So adding roles should be: S_USER_AUT. Of course you need the right activity also.

Regards

Go to solution
former_member603045
Member

‎02-13-2019 6:00 PM

You are able to find the required authorisation values through the transaction SU24 - alternatively you can find the objects/values through the tables.

If you have access to SE16 (other table viewer transactions are available - whichever is your favourite!) go to USOBT - put the required s_tcode value in to NAME and press Execute

Off the top of my head SU01 looks for the following auth objects (there are others):

S_USER_AGR - controls access to assignments of roles

S_USER_GRP - controls access to specific user groups. E.g. restrict users from resetting passwords in a Super/FF user group

S_USER_PRO - controls access to assignments of profiles

Each object would control different parts within the transaction.