RE:[sap-security] Using custom transaction to avoid SE16 doesn't work in ECC 6.0 upgraded system
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by plgaffney (Applications Architect) on May 13 at 3:38 PM |  Mark as helpful |
While these responses provide possible solutions, I have put in a note with SAP trying to find a resolution without making our developers completely rewrite this custom functionality. We are on a tight schedule with minimal resources (of course) and can't afford to give up the estimated hours to take on this task without delaying the upgrade.
---------------Original Message---------------
From: plgaffney
Sent: Monday, May 03, 2010 4:37 PM
Subject: Using custom transaction to avoid SE16 doesn't work in ECC 6.0 upgraded system
> We do not give out SE16 in our production boxes (for the most part) due to the potential of users updating tables using SE16 rather than the appropriate SAP delivered transaction. So, for our custom tables, we created custom transactions and in the programs required auth checks on S_TABU_DIS for the allowed activity and table auth group. This works up through our ECC 5.0 systems.
>
> We're upgrading to ECC 6.0 now and it appears that OSS NOTE 1224620 in FORM Authority_Check_S_Tabu_Lin has added code that if the transaction executed is not SE16, it still checks to see if the user has SE16. The point is we DON'T want them to have SE16, but we do want them to be able to update these custom tables via the tcodes/programs (with S_TABU_DIS authority checks). Any thoughts on how to get around this?
>
> Thank you,
> Patti Gaffney
__.____._ ---------------Original Message---------------
From: plgaffney
Sent: Monday, May 03, 2010 4:37 PM
Subject: Using custom transaction to avoid SE16 doesn't work in ECC 6.0 upgraded system
> We do not give out SE16 in our production boxes (for the most part) due to the potential of users updating tables using SE16 rather than the appropriate SAP delivered transaction. So, for our custom tables, we created custom transactions and in the programs required auth checks on S_TABU_DIS for the allowed activity and table auth group. This works up through our ECC 5.0 systems.
>
> We're upgrading to ECC 6.0 now and it appears that OSS NOTE 1224620 in FORM Authority_Check_S_Tabu_Lin has added code that if the transaction executed is not SE16, it still checks to see if the user has SE16. The point is we DON'T want them to have SE16, but we do want them to be able to update these custom tables via the tcodes/programs (with S_TABU_DIS authority checks). Any thoughts on how to get around this?
>
> Thank you,
> Patti Gaffney
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Related Content
In the Spotlight
White Papers
In the Spotlight
Your SAP Security is at Risk...Learn How to Stay Protected. Read the free white paper from SenSage
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
