NW74 authority check on call transaction
On NW74, ABAP help mentions that usage of CALL TRANSACTION statement without the new additions WITH AUTHORITY-CHECK or WITHOUT AUTHORITY-CHECK is obsolete; And among other things, these additions override the content of TCDCOUPLES.
Does that mean maintenance of calling-called tcode pairs in SE97/TCDCOUPLES beyond NW731 is not longer necessary?
I actually ran a test for SM21 that calls SM21_OLD, when the SM21-->SM21_OLD check in SE97 is disabled, the auth.check for SM21_OLD still takes place and shows in trace too!
And is it correct to infer that MM-- tcodes calling MM01 mean MM01 will need to be added to the relevant security roles?
I've searched forum for relevant posts/blogs, could not find any close hits on this find. Please share your thoughts, and if you found a way to still enforce such checks.
There are 2 checks in the kernel when you call a transaction -> the S_TCODE and the additional check in SE93 (table TSTCA). Sometimes this contains the S_TCODE as well (from days before the start check in the menu was there) and at other times a plausibility check as it makes no more sense to continue (it would seem).
CALL TRANSACTION sets sy-subrc = 0 for the transaction call on S_TCODE check. But TSTCA settings still set sy-subrc based on your authorizations.
The new syntax WITHOUT also bypasses this additional check. CALL TRANSACTION also commits the screens explicitly.
So yes, it forces the developer to show explicit intention and the checks MUST be performed beforehand.
Else, WITH will check S_TCODE and TSTCA etc and the calling program developer can leave the checks up to the target transaction. Eg, a list report with basic header data in ALV, with on-click navigation via CALL TRANSACTION to a document display with details and back again. But even here, you might not want to give users direct access to the target transaction, so the CALL TRANSACTION is still perfectly OK to use in several contexts.