Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue with TCode: DBG_TABLE_TO_EXCEL in Production

Former Member

‎10-11-2009 8:32 AM

0 Kudos

Hi,

While using SE38 in Production, user is trying to donwload the tables hence gets the error that 'not authorised to run TCode: DBG_TABLE_TO_EXCEL', there is no role in production wich has this TCode. I believe this TCode is called within SE38 only. Also while downlaoding using SE38 in Testing env, there is no eror message and the pop-up windows asking for path for data to be saved opens easliy. This is where the above mentioned message appears in Production.

Can anyone please tell me

1. why can't I find even any std. role for this std Tcode?

2. is this really permissible to download data while debugging? May be not hence no role form SAP?

3. If this is permissible then what objects need to be maintained in a new role to be created?

3. if users say the need to download while debugging in production, and it's not permissible, do we reject the demand then and there only?

<removed_by_moderator>

Thank you,

Rawat

Edited by: Julius Bussche on Oct 11, 2009 9:38 AM

Duplicate post rejected as well - please read the forum rules

8 REPLIES 8

Former Member

‎10-11-2009 8:46 AM

0 Kudos

This is critical because data in internal program tables would often still be subject to authorization checks. If the internal table can be downloaded from the debugger before the system has looped through the data to make those checks, you will either download an incorrect set of data (don't be surprised) or gain access to data which you might normally not be authorized for.

This is a nice example of a case for having an emergency user concept can help. If the problem really cannot be reconstructed in a test system or a developer cannot "spot it" in the development system (which a good developer should be able to do) then request a user for whom logs are activated, as an exception.

This way, no one needs such access during normal operations.

> if users say the need to download while debugging in production, and it's not permissible, do we reject the demand then and there only?

No. You just don't have it approved by who ever owns the data. So you (security admin) don't need to reject anything.

Cheers,

Julius

sdipanjan
Active Contributor

‎10-12-2009 12:34 AM

0 Kudos

This message was moderated.

Former Member
In response to sdipanjan

‎10-12-2009 8:37 AM

0 Kudos

Hi Friends,

Thanks for replying but perhaps I need more info from Security point of view. I repeat and clarfiy some of my doubts:

1.This might not be a new issue for you experienced guys so do we really grant this access in prod?

2. User has same set of roles in test n production. How come it's possible in test but not in prod?

3. If i am to make it possible in prod too then how do i do it? Why to create a new Role as already SE38 role allowing him to this in KTR? Do you suggest creation of a new role for DBG_TABLE_TO_EXCEL only? If yes why so, there is no such specific role in KTR.

4. Even if you suggest creating a new role then what would b the ACTVT for DBG_TABLE_TO_EXCEL roles, what corresponds to download there?

Waiting for your reply, i need to resolve it at the earliest.

Also, i wasn't able to open the link there, it says not authorised to do so. May be the some of my Qs above will get answerd in that link only, but i am unable to open it.

Thank you,

rawat

Former Member
In response to sdipanjan

‎10-12-2009 9:31 AM

0 Kudos

I rejected the link because it did not work. Try searching OSS for this transaction, and you will likely find the same yourself.

Cheers,

Julius

Former Member
In response to sdipanjan

‎10-12-2009 10:32 AM

0 Kudos

Sorry Julius, couldn't find one. Is there any other link you are aware of, google not helpful.

Former Member
In response to sdipanjan

‎10-12-2009 11:42 AM

0 Kudos

That's strange, because I find find a few.

As you have not even mentioned your release and SP level I am not going to read them all for you... If you are on 46C, then you need to upgrade to 7.00 for example to make use of the new debugger functionality...

Anyway, You can start by checking transaction ST22 to see whether there is a dump relating to this. From here you will have more usefull search terms for this problem.

Note: OSS generally won't give you advice about what is appropriate for your system environment, but rather what is possible and why the system does behave in certain ways - depending on your authorizations.

Without access to your system and your security requirements (nor a crystal ball) it is not possible to "tell you a solution", let alone "at the earliest".

Cheers,

Julius

Former Member
In response to sdipanjan

‎10-13-2009 7:12 AM

0 Kudos

HI Julius,

I still can't find them, please paste 1 or 2 links that you have found. Let me see if they are really beneficial or not.

Thank you

Rawat

sdipanjan
Active Contributor
In response to sdipanjan

‎10-13-2009 5:36 PM

0 Kudos

Please check for the SAP Note number: 729616

regards,

Dipanjan