topic Re: Debug unauthorized TCODE without using SE93 or SM37 in Application Development and Automation Discussions

Debug unauthorized TCODE without using SE93 or SM37

Loed — Fri, 27 Jun 2014 14:30:20 GMT

Hi guyz,

In relation with the post below, I just want to ask if there is other way to access TCODEs you are not authorized to access aside from debugging in SE93 or SM37?

http://scn.sap.com/message/15149782#15149782

Thank you!

Loed

Re: Debug unauthorized TCODE without using SE93 or SM37

tom_demuyt — Fri, 27 Jun 2014 14:38:17 GMT

I am not saying you should do this, but, all transactions are in TSTC.

You could try to go to SE16, and simulate in debug mode SE93..

Re: Debug unauthorized TCODE without using SE93 or SM37

Former Member — Fri, 27 Jun 2014 14:41:30 GMT

Hi Loed,

The best way to debug transactions you do not have access to is to request authorisation to those transactions. If it is a necessary part of your role to have this access then it should be granted, if it is not you shouldn't be accessing them by any back door means.

Regards,

Nick

Re: Debug unauthorized TCODE without using SE93 or SM37

tom_demuyt — Fri, 27 Jun 2014 14:46:56 GMT

If you have the authorization to change variables in debug mode, then that is an explicit authorization to the whole system.

Re: Debug unauthorized TCODE without using SE93 or SM37

Former Member — Fri, 27 Jun 2014 16:26:28 GMT

Agreed, badly designed authorisation roles can always give you access to more than was intended.

However, if you need to use debug to access a transaction then that doesn't constitute explict authorisation. Your attempt to run the transaction by conventional means will have explicitly told you that you are not authorised to do so. You can seek to exploit other means to access the transaction, but you are doing so with full knowledge that this is outside the defined scope of transactions in your authorisation role.

Regards,

Nick

Re: Debug unauthorized TCODE without using SE93 or SM37

former_member730258 — Sat, 28 Jun 2014 03:46:01 GMT

This message was moderated.

Re: Debug unauthorized TCODE without using SE93 or SM37

former_member730258 — Sun, 29 Jun 2014 11:14:17 GMT

hi, the procedure provided below is not advisable but for some cases might be helpful. please be advised that all security must be followed as best practice still.

1. Go to SE37 and execute SCCA_CALL_TRANSACTION in debugging.

2. Click F6 and change value of sy-subrc to 0.

3. Click F8. You may now use the tcode.

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Mon, 30 Jun 2014 06:17:41 GMT

Hi Jovee,

Sorry for that, I mistyped the title..It should be SE93 and SE37..I already know how to debug on both tcodes..I'm just curious if there are still other ways to access tcodes which are not assigned to you aside from debugging using those tcodes..

Thanks anyway for reply..=)

Loed

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Mon, 30 Jun 2014 06:19:33 GMT

Hi Tom,

What do you mean by all transactions are in TSTC? Is it a tcode? Coz I tried it in BW server and the error message is TRANSACTION TSTC IS UNKNOWN..

Thank you!

Loed

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Mon, 30 Jun 2014 06:22:18 GMT

Hi Nick,

Yeah I just request access on my client to tcodes that I need to access..

I just became curious when I saw the thread I have posted that's why I created this post..;-)

Loed

Re: Debug unauthorized TCODE without using SE93 or SM37

former_member223133 — Mon, 30 Jun 2014 07:03:44 GMT

Hi,

You can try the function module 'ALINK_CALL_TRANSACTION' by passing the t-code required to be accessed.

Regards

Gangadar

Re: Debug unauthorized TCODE without using SE93 or SM37

krishnadhuriya — Mon, 30 Jun 2014 07:07:19 GMT

you can use SE37 (for FM)

then CC_CALL_TRANSACTION_NEW_TASK

and execute this FM..

Thanks!

Re: Debug unauthorized TCODE without using SE93 or SM37

tom_demuyt — Mon, 30 Jun 2014 12:50:39 GMT

TSTC is table. I find some of the other answers far more convenient and enlightening.

Re: Debug unauthorized TCODE without using SE93 or SM37

Former Member — Mon, 30 Jun 2014 13:01:35 GMT

hi,

having debugging option makes you able to debug any tcode somehow.

typing /h into the tcode-field enables debugging. the next action you do is starting the debugger

thats why only trusty people should have debug-authorization

by the way: post http://scn.sap.com/message/15149782#15149782 is restricted

regards

Stefan Seeburger

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Tue, 01 Jul 2014 13:36:48 GMT

Hi Gangadhar,

As I have said, what if I don't have access in SE37 or SE93? Can I still access tcodes I am unauthorized?

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Tue, 01 Jul 2014 13:38:07 GMT

Hi Krishna,

Aside from debugging in SE37 or SE93, can I still access tcodes I am unauthorized?

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Tue, 01 Jul 2014 13:46:45 GMT

What do you mean mate by post is restricted in that link?

Are there other ways to access tcodes which I don't have authorization for and without using SE37 or SE93?

Re: Debug unauthorized TCODE without using SE93 or SM37

Former Member — Tue, 01 Jul 2014 14:51:59 GMT

Hi Loed,

i cant open your link - access denied.

without beeing in any transaction you can type /h in the transaction-code-field. Then you can type in the transaction-code you want to enter/debug. set breakpoint on authority check and "sy-subrc = 0" all requests. You will be able to use this transaction after accepting each authority-check. the bigger the transaction the more uncomfortable this is.

regards

Stefan Seeburger

Re: Debug unauthorized TCODE without using SE93 or SM37

former_member730258 — Wed, 02 Jul 2014 01:45:48 GMT

No.

Re: Debug unauthorized TCODE without using SE93 or SM37

Loed — Wed, 02 Jul 2014 03:30:52 GMT

Thanks for the table mate..