Malicious Usage of Tcode FB01 - Log Question

Former Member · ‎12-01-2008

Hi All

I have found a User who ran FB01 tcode in production system to post for a Company code which the user is not authorized,

I used the ST03N tcode to find the User has run the tcode on that day.

But the problem is the Usage log shows the user running the tcode under Update mode & not there is no log of the user running the tcode under Dialog mode.

I need to Determine if the user has run any batch jobs unknowingly & post for the wrong company code or is it delebarate action.

How can i prove this.

Plz clarify the course of action i need to take to prove whether this was intentional or unintensional action.

regards

Naveen

Former Member · ‎12-01-2008

Hi,

ST03n in expert mode should give you the details. Probably the task type is the field which will let you know the mode in which the work process was executed. The different modes are:

D Dialog,U Update,S Spool,I Batch input,B Batch,E Enqueue.

For more details: please refer http://help.sap.com/saphelp_nw70/helpdata/EN/d7/7de93a2176a418e10000000a11402f/frameset.htm

Former Member · ‎12-01-2008

Hi Subramanian

I have done the analysis & therefore found that the user has run the tcode in Update task type.

But how did the User run this tcode in Update task type is my question.

Thanks for the reply.

regards

Naveen

Former Member · ‎12-02-2008

Hi,

It is possible that the user have somewhere a * or a range in the S_TCODE object. What I do in such a case is an analyze from the user buffer. SU56 and go for the transactions. It is some work but it gives you all the transactions the user is allowed. As I said, be aware of * and ranges in S_TCODE.

have fun

Bye Jan van Roest