Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Which parameter governs risk analysis of coupled Tcodes?

Go to solution
khush_bafna
Explorer

‎02-09-2014 5:54 AM

0 Kudos

Hi all,

I have some Tcode(TCODE1) that are called in the background on executing certain tcode ( TCODE2).

Currently when i run risk analysis for any role having TCODE1, i also get a violation for TCODE2.

Please tell me how can i control this behaviour?

I do not want the coupled tcodes to be included in risk analysis.

Best Regards,

Khush Bafna.

1 ACCEPTED SOLUTION

Go to solution
Colleen
Advisor
Advisor

‎02-09-2014 11:05 PM

0 Kudos

Hi Khush

In the security roles build are both TCODE1 and TCODE2 added to the role (via role menu or manual S_TCODE added)? If so, does that mean the user can directly execute TCODE2 from their menu without going through TCODE1 first?

If that is the case, then TCODE2 should flag as a risk

The only way to exclude the TCODE2 is to change the function definition to remove the action. However, if TCODE2 contributes to a risk you don't want to do this.

If you have a TCODE1 that calls another TCODE2 and you don't want the user to have access you should look at SE97 configuration to switch of S_TCODE check. This way you don't give out S_TCODE = TCODE2 when user needs just TCODE1.

Regards

Colleen

1 REPLY 1

Go to solution
Colleen
Advisor
Advisor

‎02-09-2014 11:05 PM

0 Kudos

Hi Khush

In the security roles build are both TCODE1 and TCODE2 added to the role (via role menu or manual S_TCODE added)? If so, does that mean the user can directly execute TCODE2 from their menu without going through TCODE1 first?

If that is the case, then TCODE2 should flag as a risk

The only way to exclude the TCODE2 is to change the function definition to remove the action. However, if TCODE2 contributes to a risk you don't want to do this.

If you have a TCODE1 that calls another TCODE2 and you don't want the user to have access you should look at SE97 configuration to switch of S_TCODE check. This way you don't give out S_TCODE = TCODE2 when user needs just TCODE1.

Regards

Colleen