Skip to Content
avatar image
Former Member

T-codes not assigned to user role but have access

Dear Friends ,

I have few t-codes which I shouldn't be having and none of the roles I'm assigned to have access to these t-codes, for auditing purposes this access should be restricted but I'm not know how to approach , can some one throw some approach to figure this out ?

Thanks in advance .

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Nov 29, 2011 at 10:32 PM

    Hi,

    use one of the reports from SUIM or SU56 to figure out which profile/role gives you authorization to run that transaction. Are you talking about direct executing transaction? In some cases you can navigate to transaction from other transaction and authorization check is not performed or disabled.

    Cheers

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 29, 2011 at 10:45 PM

    Yes - second the question - are you able to directly execute or are tumbling sideways into new transactions from some starting transaction?

    If you are getting to transactions that you believe you do not have an S_TCODE for and you are getting to them via another transaction, check transaction SE97 or table TCDCOUPLES for the calling transations/relationships/settings.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Melissa - We are tyring to test this by creating a new role how do I know the list of t-codes in FICO to be blocked ( display only) in production as I know few of them which needs to be blocked but trying to get the consolidate all the t-codes , any advise ?

      Thanks in advance,

      Lakshmi.

  • avatar image
    Former Member
    Dec 02, 2011 at 11:02 PM

    BIG EDIT.. 😊

    After reading a few more times - you are worried that you have access to some transactions in PRD?

    The strange thing is - you are posting in a security and authorisations forum about having access to finance transactions.

    1. Are you an S&A bod?

    2. Do you have profiles assigned?

    3. Have you run the SUIM report for transactions executable for user?

    4. Do you have RAR and does that show anything bad?

    If you have been assigned a display all role which is now corrupted you will have more access than expected, your normal ST01 traces on yourself plus SUIM checks will throw up the causes if you haven't already checked through your roles and profiles listing.

    What does SUIM give for users by complex =you/roles or profiles

    Cheers

    David

    Edited by: David Berry on Dec 2, 2011 11:03 PM

    Edited by: David Berry on Dec 2, 2011 11:11 PM

    Edited by: David Berry on Dec 2, 2011 11:16 PM

    Add comment
    10|10000 characters needed characters exceeded