topic Re: password for TCODE in Application Development and Automation Discussions

password for TCODE

Former Member — Thu, 11 Feb 2010 06:44:11 GMT

I need to set password for transaction code(co11n) while entering the command field. Is there any user exit of badi etc..

or any idea

with regards

Anand kumar

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 06:47:04 GMT

This message was moderated.

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 06:58:27 GMT

This can only be possible if authorized users can be assigned common role and which in turn is assigned to this tramnsaction.

We cannot have user password for entering into it.

Regards

Gaurav

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:04:48 GMT

Hi Anand,

If you have to find out any exit or BADI implementation for the given transaction you can find them using the following steps.

1. Go to se24.

2. Got the method GET_INSTANCE

3. Plaace a breakpoint on the FM.

4. Excecute the respecive transaction.

5. You goto the debug mode, double click on the exit name and find the exit or badi.

Regards,

Amuktha

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:09:45 GMT

Hi,

This can be done by Basis team by assigning proper Authorization object to desired role.

Thanks,

Regards,

Mohaiyuddin

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:10:35 GMT

Sorry Mate .. NO Badi Found for that transcation

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:12:50 GMT

Mohaiyuddin

In case this is single user ,used by mutiple department

with regards

Anand kumar

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:28:43 GMT

There is very crude way to do it.

Maybe in your case it may be recommended, but I think standard way is to have different users and have roles assigned.

For your case you have to consider Enhancement Section

ENHANCEMENT-SECTION STATUS_0001_01 SPOTS ES_SAPLCORU_S. (Form Status in LCORU_SFS1).

You may also consider implementing Implicit Enhancement in Form Status, Bu Enhancement Section is already available, hence you can use it.

Note : For this you need to have some knowledge of New Enhancement Framework, it's easy and you can find lots of wiki and blogs on SDN to learn it.

In above enhancement section you can write code to check password. Create a Z table and Store encrypted password in it..

You may create seperate Z Utility to maintain password in Z Table. To store encrypted password, you can use FM FIEB_PASSWORD_ENCRYPT and use FM FIEB_PASSWORD_DECRYPT to decrypt the password. Alternatively you may devise your own algorithm to do so..

Call a Z program from above enhancement section to present a screen to enter password, if password does not match exit the application, else proceed.

Thanks,

Regards,

Mohaiyuddin

Regards,

Mohaiyuddin

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:39:03 GMT

There is no exit or option to add non-SAP code to the S_TCODE check via the ok-code field.

You can check this in FM AUTH_CHECK_TCODE - it calls the kernel function by the same name which is where the check is. You cannot access it.

The FIEB* function modules are not encryption. They merely scramble the clear text password and the string is reversable so would add more hazard to the system than security. I would not use them!

A more stable and supported approach would be to restrict the access to the transaction and improve authentication via well thought out password rules or single-sign-on.

Cheers,

Julius

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 07:47:33 GMT

Hi Julius,

I agree that best approach would be segregating the users instead of having only one user logging from different department. Hence goes my first comment in previous post.

But I cannot see another way to store custom password in tables - maybe Z table or cluster or persistant object???..

Besides, other than Standard Role assignment technique - only way would be to Enter the transaction and check for password (In case, Client do not agree to have separate users).

Thanks,

Regards,

Mohaiyuddin

Re: password for TCODE

Former Member — Thu, 11 Feb 2010 08:01:59 GMT

> I agree that best approach would be segregating the users instead of having only one user logging from different department. Hence goes my first comment in previous post.

Well spotted --> what the real intention possibly is behind this requirement!

> But I cannot see another way to store custom password in tables - maybe Z table or cluster or persistant object???..

The correct approach is to use a one-way-hash and protect the algorithm for the hashing. That way the password supplied is hashed "encrypted" and only the hashes are compared.

But anyway, there is no enhancement-point or API of any sorts in the tcode check, and there are many many tcodes, reports, FMs, methods, webservices, etc... so there is nothing to use for this "hack"...

Cheers,

Julius

Re: password for TCODE

Former Member — Wed, 17 Feb 2010 09:16:21 GMT

Mates

It is possible to implement Enhancement frame work in ABAP Release 6.40.

with regards

Anand kumar . R

Re: password for TCODE

Former Member — Wed, 17 Feb 2010 10:15:00 GMT

Yeah, but there is no enhancement spot in the c-kernel function AUTH_CHECK_TCODE... so there is nothing to enhance or even modify.

There certainly is nothing to product certify either.

Cheers,

Julius

Re: password for TCODE

Former Member — Wed, 17 Feb 2010 10:31:43 GMT

Hi Julius,

In case that need to be implemented, it has to be at starting of C011N. That is what I suggested in my post above..

There is Enhancement Point available at the beginning of C011N in PBO, I have mentioned include in above post.

Thanks,

Regards,

Mohaiyuddin