Miscellaneous Security in SAP-Security

Maintain T-codes with SE93

New t-codes can be created through transaction SE93. In the example below, the t-code is created to call a program during execution. We can also create parameter transactions which call standard SAP transactions (like SE16 or SM30) or launch an ABAP query.

From the security perspective, SE93 allows us to specify an authorization object and values for its fields. This authorization object, with the values specified for its fields, will be checked in addition to S_TCODE before the transaction is started.

Below we see the SE93 entry for the common HR t-code PP01. To start this transaction, a user would need P_TCODE with TCD value PP01 in their user buffer, in addition to the S_TCODE entry.

SE93 – Auth Obj for Transaction Start
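The start check described above can be modelled offline to review who can actually launch a t-code. The following is an added example, not code from the original article or from SAP: the data layout, user names and role contents are constructed, and value matching is simplified to exact values and patterns ending in `*`.

```python
# Constructed sample data, not taken from a real system.
# Rows shaped like the SE93 entry: (transaction, object, field, value).
SE93_AUTH_VALUES = [
    ("PP01", "P_TCODE", "TCD", "PP01"),
]

# user -> list of authorizations, each (object, {field: [granted values]})
USER_BUFFER = {
    "HR_CLERK": [("S_TCODE", {"TCD": ["PP01", "PA20"]}),
                 ("P_TCODE", {"TCD": ["PP*"]})],
    "BASIS_OP": [("S_TCODE", {"TCD": ["*"]})],
    "HELPDESK": [("S_TCODE", {"TCD": ["ZSU01"]})],
}


def value_allows(granted, required):
    """Exact match, or a pattern ending in '*' that matches by prefix."""
    if granted.endswith("*"):
        return required.startswith(granted[:-1])
    return granted == required


def has_auth(user, obj, required):
    """True if one authorization for obj covers every required field value."""
    for auth_obj, fields in USER_BUFFER.get(user, []):
        if auth_obj == obj and all(
            any(value_allows(g, want) for g in fields.get(name, []))
            for name, want in required.items()
        ):
            return True
    return False


def can_start(user, tcode):
    """Return (allowed, reason); reason names the object that failed."""
    if not has_auth(user, "S_TCODE", {"TCD": tcode}):
        return False, "S_TCODE"
    extra = {}  # object -> {field: value} maintained in SE93 for this t-code
    for t, obj, field, value in SE93_AUTH_VALUES:
        if t == tcode and value:
            extra.setdefault(obj, {})[field] = value
    for obj, required in extra.items():
        if not has_auth(user, obj, required):
            return False, obj
    return True, "ok"
```

In this model, a user holding S_TCODE with `*` is still stopped at PP01 because the additional P_TCODE check fails, which is the effect of the SE93 entry.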

SHD0 – Maintain Transaction Variants

Transaction variants allow us to selectively mask certain fields in SAP transactions/screens. Though strictly not a security tool, transaction variants can have applications in security by helping to prevent users from updating fields which are not protected through authorization objects.

Transaction variants are created through the SHD0 t-code. The initial screen of SHD0 is given below. To create a transaction variant, we enter the name of the parent transaction, give a name for the variant and click the create button.

In our example below, we create a transaction variant ZSU01 for the very common SU01 t-code. The transaction variant allows an administrator only to reset passwords and hides all other functions of SU01. Each transaction variant consists of one or more screen variants, depending on the number of screens being called in the entire transaction flow. We don’t have to manually keep track of the screen variants when we are working with transaction variants. As we move from one screen to the next, SHD0 automatically creates and appends a new screen variant to the sequence.

On clicking the create button for ZSU01, we are taken to the standard SU01 screen. We enter a user name and click the change password button. A pop-up window appears with a list of the screen fields. This window contains the attributes of our first screen variant. It is here that we enter a name for the screen variant and can selectively mark screen fields as invisible, output only, required, etc.

SHD0 – Confirm screen entries for SU01 initial screen

The screen variant window has a button for “Menu Functions” where we can selectively hide/deactivate menu items or toolbar buttons. Since our intention is to disable everything except the password change options, we end up with the screen below.

On clicking the check button from the screen variant we are taken to the next screen and need to save our entries for the password change screen.

SHD0 – Confirm screen entries for password change

On clicking the save and exit button, we are taken to the overview screen for the transaction variant. As shown below, this screen gives the definition of the individual screen variants which form part of the transaction variant. On saving our entries, we are taken to the SHD0 initial screen, which shows the transaction variant and the screen variants defined under it.

SHD0 provides a test button where we can check if the newly created transaction variant works as per our requirement. Once tested, we create a new Z transaction (ZSU01) for the transaction variant by following the menu path Goto > Create Variant Transaction.

SE93 – Create variant transaction

Once set up, this new transaction can be assigned to a user’s role just like a normal transaction. Executing ZSU01 displays a modified form of the SU01 screen with all functions other than the change password button disabled.

Executing transaction variant for SU01
