Solved: Hideing tabs in a trasaction

Former Member · ‎03-19-2008

Is it possible to hide tabs of a transaction using authorization concept...

Or do we need to make ABAP change for the tcode.

Edited by: Hussain Sehorewala on Mar 19, 2008 5:05 PM

Former Member · ‎03-19-2008

It depends entirely on what the transaction is. MM01/2/3 for example controls access to tabs via material status and object M_MATE_STA

l_borsboom · ‎03-19-2008

This totally depends on the transaction(s) involved. Could you specify them?

Kind regards,

Lodewijk

Former Member · ‎03-19-2008

It depends entirely on what the transaction is. MM01/2/3 for example controls access to tabs via material status and object M_MATE_STA

l_borsboom · ‎03-19-2008

Hi Alex,

I am glad we are telling Hussain the same thing

Lodewijk

Former Member · ‎03-19-2008

Hi Lodewijk,

Standard security answer #3 is always good to see

.....it depends.....

Former Member · ‎03-23-2008

Thanks for the infomation. But i am still gathering requirments . So i need a reference book or material for all tcodes possible . How can i find that?

jurjen_heeck · ‎03-23-2008

>


> Thanks for the infomation. But i am still gathering requirments . So i need a reference book or material for all tcodes possible . How can i find that?

You can not. For starters, not all transactons have tabs and some do not have more than one field... Also consider the amount of SAP transactions and the number of documents you'd end up with. If you browse through this forum you will notice that requests for all information are almost impossible to fullfill. You'll find no general solutions here, simply because they often don't exist.

If you're trying to harvest knowledge I think you're in the wrong place.

If you have a specific problem, tell us the details and we'll help you find a solution.

Jurjen

Former Member · ‎03-24-2008

I am sure you will answer me for specific tcode if i ask you. But Give a man a fish and you will feed him for a day. Teach a man to fish and you will feed him for a lifetime.

So please let me know if there is any technique to find out the same ? Or is it just you learn with exprience ?

jurjen_heeck · ‎03-24-2008

> Or is it just you learn with exprience ?

It is indeed. The basic problem starts with the fact that transactions in the various modules are put together in a completely different way. (made by deffirent teams of people or in some case by different companies and integrated in a later stage)

In some modules the blocking of tabs and fields is set up via IMG and is perfectly controlable with authorizations (SD has some examples, or CRM's transaction BUPA and many more of which I do not know yet) whereas others would need custom transactions or code to hide fields. In HR some things are controlled by user parameters....

It may even be dangerous to hide certain fields purely from a security point of view as they may become mandatory under unforseen conditions.....

In my opinion a security officer/consultant should not try to understand the whole scope of an implementation by him/herself but does need a thourough understanding of the systemwide basics. When the setup conditions differ per module, and this is a very good example, the module specialists are the ones to know the details and should be able to help you on your way.

So you want to learn to fish for all the different kind of fish and shellfish in the world, at the same time? Go talk to a fisherman

Jurjen

Former Member · ‎03-24-2008

Well now i am feeling a bit confident for implimenting security my landscape ....

As you said funtional ppl are the one who will lead.

But then technical person is responsible for atleast knowing what is possible and how .

For that is it feasible to use system trace or user trace funtion . Or will be very cumbersome?

Anyother altrenative.

Former Member · ‎03-24-2008

I am not logged on to a SAP system, haven't been fishing in years and have some doubts in my hobby-farmer skill as a mongoose recently who got into the chicken-run which I built killed all the chickens, except one hen... but I will have a go at it anyway:

If you can identify a specific coding which is used to build a screen with tabs, and that coding is used consistently in the system where transactions have screens with tabs, then you could either do a where-used-list on the coding if it is modularized (e.g. a function module) or scan for a statement string indicating that tabs are available.

As far as the security is concerned, that could differ in the implementation in each case as also mentioned by Jurjen. Some might look in customizing (IMG), others might look in authorizations (authority-check), others might be user parameters (Get/Set parameters), and other might be influencable via user-exits (CMOD), some might even depend on the transaction code used (system field SY-TCODE), or the name of the calling program (system field SY-CPROG).

I don't think that trying to get them all in one go is the correct approach... like the mongoose did , but rather where you use a transaction or report or whatever, check to see whether security can influence the implementation and is needed to, and then how.

Cheers,

Julius

Former Member · ‎03-25-2008

I am getting a feeling that security is no way a easy place to be in. It requires insight of almost all SAP processes, modules , functionalities and technicalities as well.

This post has given be far better idea where my intreasts are and in which direction to head.

Will be a but greedy and will not close the post, will wait for some more gurus giving their valueble inputs.

Former Member · ‎03-25-2008

I agree with you that one needs to manage the complexity of a system (including a specific installation of a system and a security concept for it). There is no doubt about that for me.

SAP is a large and complex eco-system, most (if not all) of which can be influenced by security (not only authorizations), so if anybody tells you that it is easy, then they will likely also tell you tales of big fish which got away... and other marketing fables...

Here is also a thread with some comments which might interest you:

And here is a Blog which might interest you: /people/jim.spath/blog/2008/02/29/beware-of-geeks-baring-grifts

And for more specific examples, here is "the big pond": https://forums.sdn.sap.com/search.jspa?threadID=&q=authorizationfortabs&objID=&dateRange=all&numResults=15&rankBy=10001

Kind regards and good luck with the fishing

Julius

Former Member · ‎03-25-2008

Thanks for getting me donwn to the big pond. And the blog is also enlighting...

"Teach a man to fish, and though he's fed for life, he'll call you a miser for not giving him your fish."

But i will not cause you gave me the fish too

Edited by: Hussain Sehorewala on Mar 25, 2008 2:53 PM

Former Member · ‎03-25-2008

While waiting for other fish to bite, you might also want to consider reading the instruction manuals - though that is often a last resort, when all else fails and all hope seems gone

Cheers,

Julius

Former Member · ‎03-25-2008

yes very true !!! but for me the approch is other way round. I have already started reading SAP training guide adm940 950 and 960 and later want to go through HR and BI security guides too.

All security experts must have done it in their childhood days

Former Member · ‎05-05-2008

There is no specific answer to my Question but replies were of great help

Former Member · ‎05-05-2008

Hi Hussein,

Glad you found it useful, that is one of those questions where the answer is "it depends". It would have been an interesting question to ask your instructor on the ADM* courses!