12-26-2007 6:29 AM
Please provide a list of Critical Tcodes(all Modules) and Critical Authorization Objects.
How to determine whether a certain a Tcode id Critical fro a Project?
Thanks in advance.
12-26-2007 6:57 AM
Hi Gautam,
hope this link helps you
http://sapnetweavernotes.blogspot.com/search/label/SoD-%20Matrix
thanks
kishore
12-26-2007 6:57 AM
Hi Gautam,
hope this link helps you
http://sapnetweavernotes.blogspot.com/search/label/SoD-%20Matrix
thanks
kishore
12-26-2007 6:10 PM
HI,
Critacal T.CODES SA38,SE38,STMS,SE01. Like we have some tcodes which should not not have access to every one, specially sa38 and se38 in production server. if you want briefe go through with this link.
http://help.sap.com/saphelp_nw70/helpdata/en/0e/4f8f40f3b19920e10000000a1550b0/frameset.htm
<removed_by_moderator>
12-27-2007 10:09 AM
for database administration you have
DB01 Analyze exclusive lock waits
DB02 Analyze tables and indexes
DB03 Parameter changes in database
DB11 Early Watch Profile Maintenance
DB12 Overview of Backup Logs
DB13 Database administration calendar
DB14 Show SAPDBA Action Logs
DB15 Data Archiving: Database Tables
DB16 DB System Check: Monitor
DB17 DB System Check: Configuration
DMIG Start Transaction for Data Migration
DB2 Select Database Activities
DB20 DB Cost-Based Optimizer: Tab. Stats
DB21 DB Cost-Based Optimizer: Config.
DB24 Database Operations Monitor
DB26 DB Profile:Monitor and Configuration
DB2J Manage JCL jobs for OS/390
DBCO Database Connection Maintenance
AL02 Database alert monitor
AL09 Data for database expertise
ST04 Select activity of the databases
for system administration you have,
OSS1 Logon to Online ServiceSystem
SAINT Plug-in Installation
SICK Installation Check
SM01 Lock Transactions
SM02 System Messages
SM12 Display and Delete Locks
SM13 Display Update Records
SM14 Update Program Administration
SM21 System log
SM23 System Log Analysis
SM28 Installation Check
SM29 Model Transfer for Tables
SM30 Call Up View Maintenance
SM34 Viewcluster maintenancecall
SM35 Batch Input Monitoring
SM36 Batch request
SM37 Background job overview
SM38 Queue Maintenance Transaction
SM39 Job analysis
SM49 Execute Logical Commands
SM50 Work Process Overview
SM51 List of SAP Servers
SM54 TXCOM maintenance
SM55 THOST maintenance
SM56 Number Range Buffer
SM58 Asynchronous RFC Error Log
SM59 RFC Destinations (Display/Maintain)
SM60 Borrow/Return Objects
SM61
SM62
SM63 Display/Maintain Operating Mode Sets
SM64 Release of an event
SM65 Background Processing Analysis Tool
SM66 System-wide Work Process Overview
SM67 Job scheduling
SM68 Job administration
SM69 Display/Maintain Logical Commands
SMEN Dynamic menu
SMGW Gateway Monitor
SMLG Maintain Logon Group
SMLI Language import utility
SMLT Language transport utility
SMOD SAP Enhancement Management
SMT1 Trusted Systems (Display <-> Maint.)
SMT2 Trusting systems (Display <->Maint.)
ST06 Operating System Monitor
RZ20 CCMS Monitoring
SSAA System Administration Assistant
SSCA Appointment Diary: Administration
SRZL CCMS
SSM1 Session Manager generation call
ST01 System Trace
ST02 Setups/Tune Buffers
ST03 Performance, SAP Statistics, Workload
ST05 SQL Trace
ST07 Application monitor
ST08 Network Monitor
ST11 Display Developer Traces
ST12 Application Monitor
ST14 Application Analysis
ST22 ABAP Runtime Error Analysis
ST22 ABAP/4 Runtime Error Analysis
ST62 Create industry short texts
STAT Local transaction statistics
STUN Performance Monitoring
SQ01 SAP Query: Maintain queries
SQ02 SAP Query: Maintain funct. areas
SQ03 SAP Query: Maintain user groups
SQ07 SAP Query: Language comparison
SQVI QuickViewer
SPHA Telephony administration
01-11-2008 9:15 AM
All transaction codes in SAP are more or less critical, when executed by incompetent users or people with malicious intents... there is no exhaustive list.
In addition, limitations on t-codes need to be related to the underlying authorization objects in order to provide a fairly safe operating environment.
As for creating a foolproof system, there's only one method: lock all users.
01-11-2008 6:16 PM
Simple answer, as long as you are in project mode In a DEV or QAS system, noting is really critical.
What is really critical after go-live needs to be determined by your company, normally this is done by the department of the controller or something alike. Anyway it should be under the finance manager as he is personnally reponsible when something goes wrong!
As for examples of critical TRX see other answers, although these are probably far from a complete list!