https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408082#M1645378 <HTML><HEAD></HEAD><BODY><P>Thanks!</P><P>We will create a customer question on Sap service and wait what to do.</P><P></P><P>Form check_existence_of_rep_ta is the right point to do an enhacement. </P><P>Cut user's fingers also solve problem too... </P><P></P><P>Best regards.</P><P></P><P></P><P>Rodrigo Paisante</P></BODY></HTML> Thu, 29 Dec 2011 11:08:30 GMT rodrigo_paisante3 2011-12-29T11:08:30Z https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408079#M1645375 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>I have a big problem: from CL30N user can call any other tcode.</P><P></P><P>In tcode CL30N, enter class and type class. Next step is click on FIND IN INITIAL CLASS button.</P><P>Then in Environment -&gt; define function. Is the bad screen...</P><P>The user can set new values, and putting T and the wanted tcode, he can break authority check.</P><P>Just select a line and the RUN button will call the tcode.</P><P></P><P>How to disable this? This process execute FM CLSD_EXECUTE_FUNCTION.</P><P></P><P>thanks in advance.</P></BODY></HTML> Wed, 28 Dec 2011 18:55:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408079#M1645375 rodrigo_paisante3 2011-12-28T18:55:54Z https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408080#M1645376 <HTML><HEAD></HEAD><BODY><P>dont assign authorizations directly on tcode name.. </P><P>see which authorization objects the Tcode correspond to and assign the roles based on that, with this no one can break with any FM or Tcode</P></BODY></HTML> Wed, 28 Dec 2011 19:45:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408080#M1645376 Former Member 2011-12-28T19:45:35Z https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408081#M1645377 <HTML><HEAD></HEAD><BODY><P>Hi Rodrigo,</P><P></P><P>CL30N is controlled by authority object C_KLAH_BSE. You may restrict using this object or just do not give access to this transaction.</P><P></P><P>If this way is not the best for your environment, you can create an implicit enhancement at the end of FORM check_existence_of_rep_ta in program SAPLCLSD, include LCLSDF0N.</P><P></P><P>Most simply, do an authority-check for object S_TCODE with tcode p_tcode.</P><P></P><P>If you can wait a couple of days, create a customer question on SAP service (OSS) and wait for the NOTE to be created by SAP - because this looks like just another security gap.</P><P></P><P>Thanks for the hint. </P><P></P><P>Regards,</P><P></P><P>Clemens</P></BODY></HTML> Wed, 28 Dec 2011 19:46:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408081#M1645377 Clemenss 2011-12-28T19:46:50Z https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408082#M1645378 <HTML><HEAD></HEAD><BODY><P>Thanks!</P><P>We will create a customer question on Sap service and wait what to do.</P><P></P><P>Form check_existence_of_rep_ta is the right point to do an enhacement. </P><P>Cut user's fingers also solve problem too... </P><P></P><P>Best regards.</P><P></P><P></P><P>Rodrigo Paisante</P></BODY></HTML> Thu, 29 Dec 2011 11:08:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/from-tcode-cl30n-can-call-any-tcode/m-p/8408082#M1645378 rodrigo_paisante3 2011-12-29T11:08:30Z