Thursday, August 25, 2011

Restricting Call Transactions - SE97

Problem: We are in one transaction and we click on an ICON and it goes into different transaction, even when the user does not have access to that transaction.

Cause: In the coding there is a statement called CALL TRANSACTION. Normally when user executes a transaction the system is forced to check for S_TCODE and Field TCD. But in this case the Check is missed unless the Transaction mapping is in TCDCOUPLES table. The program checks the TCDCOUPLES  table and see if the called transaction need to be checked. If there is not entry then the check is not performed and user is able to get to the transaction even when the user does not have access to this t-code.

Solution:  Go to transaction SE97 which updates TCDCOUPLES table and add the t-code. So now you will have entry in TCDCOUPLES.
Examples: KSB5 form MB51, MD04 from ME2O, MMBE from MB51 and ME2O, KSB5 from MMBE

PS: This may not work for all transaction so testing is always required

No comments:

Post a Comment