Re: [sap-security] Using custom transaction to avoid SE16 doesn't work in ECC 6.0 upgraded system
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by Sonia (Sap Bas and Security Design Consultant) on May 13 at 3:22 PM |  Mark as helpful |
Patti,
Did you got the solution for your query?
Thank you,
Sonia
On Mon, May 3, 2010 at 4:31 PM, plgaffney via sap-security <
sap-security@groups.ittoolbox.com> wrote:
> Posted by plgaffney(Applications Architect)
> on May 3 at 4:31 PM
> We do not give out SE16 in our production boxes (for the most part) due to
> the potential of users updating tables using SE16 rather than the
> appropriate SAP delivered transaction. So, for our custom tables, we created
> custom transactions and in the programs required auth checks on S_TABU_DIS
> for the allowed activity and table auth group. This works up through our ECC
> 5.0 systems.
>
> We're upgrading to ECC 6.0 now and it appears that OSS NOTE 1224620 in FORM
> Authority_Check_S_Tabu_Lin has added code that if the transaction executed
> is not SE16, it still checks to see if the user has SE16. The point is we
> DON'T want them to have SE16, but we do want them to be able to update these
> custom tables via the tcodes/programs (with S_TABU_DIS authority checks).
> Any thoughts on how to get around this?
>
> Thank you,
> Patti Gaffney
__.____._ Did you got the solution for your query?
Thank you,
Sonia
On Mon, May 3, 2010 at 4:31 PM, plgaffney via sap-security <
sap-security@groups.ittoolbox.com> wrote:
> Posted by plgaffney(Applications Architect)
> on May 3 at 4:31 PM
> We do not give out SE16 in our production boxes (for the most part) due to
> the potential of users updating tables using SE16 rather than the
> appropriate SAP delivered transaction. So, for our custom tables, we created
> custom transactions and in the programs required auth checks on S_TABU_DIS
> for the allowed activity and table auth group. This works up through our ECC
> 5.0 systems.
>
> We're upgrading to ECC 6.0 now and it appears that OSS NOTE 1224620 in FORM
> Authority_Check_S_Tabu_Lin has added code that if the transaction executed
> is not SE16, it still checks to see if the user has SE16. The point is we
> DON'T want them to have SE16, but we do want them to be able to update these
> custom tables via the tcodes/programs (with S_TABU_DIS authority checks).
> Any thoughts on how to get around this?
>
> Thank you,
> Patti Gaffney
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
SoniaSAP Security Enthusiast
Contributed 100 posts in a group to earn a Bronze Achievement
Related Content
In the Spotlight
White Papers
In the Spotlight
Your SAP Security is at Risk...Learn How to Stay Protected. Read the free white paper from SenSage
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
