topic Re: Critical Tcodes and Security Objects in Application Development and Automation Discussions

Critical Tcodes and Security Objects

former_member759680 — Wed, 26 Dec 2007 06:29:00 GMT

Please provide a list of Critical Tcodes(all Modules) and Critical Authorization Objects.

How to determine whether a certain a Tcode id Critical fro a Project?

Thanks in advance.

Re: Critical Tcodes and Security Objects

Former Member — Wed, 26 Dec 2007 06:57:32 GMT

Hi Gautam,

hope this link helps you

http://sapnetweavernotes.blogspot.com/search/label/SoD-%20Matrix

thanks

kishore

Re: Critical Tcodes and Security Objects

Former Member — Wed, 26 Dec 2007 18:10:13 GMT

HI,

Critacal T.CODES SA38,SE38,STMS,SE01. Like we have some tcodes which should not not have access to every one, specially sa38 and se38 in production server. if you want briefe go through with this link.

http://help.sap.com/saphelp_nw70/helpdata/en/0e/4f8f40f3b19920e10000000a1550b0/frameset.htm

<removed_by_moderator>

Re: Critical Tcodes and Security Objects

hiralsoni — Thu, 27 Dec 2007 10:09:21 GMT

for database administration you have

DB01 Analyze exclusive lock waits

DB02 Analyze tables and indexes

DB03 Parameter changes in database

DB11 Early Watch Profile Maintenance

DB12 Overview of Backup Logs

DB13 Database administration calendar

DB14 Show SAPDBA Action Logs

DB15 Data Archiving: Database Tables

DB16 DB System Check: Monitor

DB17 DB System Check: Configuration

DMIG Start Transaction for Data Migration

DB2 Select Database Activities

DB20 DB Cost-Based Optimizer: Tab. Stats

DB21 DB Cost-Based Optimizer: Config.

DB24 Database Operations Monitor

DB26 DB Profile:Monitor and Configuration

DB2J Manage JCL jobs for OS/390

DBCO Database Connection Maintenance

AL02 Database alert monitor

AL09 Data for database expertise

ST04 Select activity of the databases

for system administration you have,

OSS1 Logon to Online ServiceSystem

SAINT Plug-in Installation

SICK Installation Check

SM01 Lock Transactions

SM02 System Messages

SM12 Display and Delete Locks

SM13 Display Update Records

SM14 Update Program Administration

SM21 System log

SM23 System Log Analysis

SM28 Installation Check

SM29 Model Transfer for Tables

SM30 Call Up View Maintenance

SM34 Viewcluster maintenancecall

SM35 Batch Input Monitoring

SM36 Batch request

SM37 Background job overview

SM38 Queue Maintenance Transaction

SM39 Job analysis

SM49 Execute Logical Commands

SM50 Work Process Overview

SM51 List of SAP Servers

SM54 TXCOM maintenance

SM55 THOST maintenance

SM56 Number Range Buffer

SM58 Asynchronous RFC Error Log

SM59 RFC Destinations (Display/Maintain)

SM60 Borrow/Return Objects

SM61

SM62

SM63 Display/Maintain Operating Mode Sets

SM64 Release of an event

SM65 Background Processing Analysis Tool

SM66 System-wide Work Process Overview

SM67 Job scheduling

SM68 Job administration

SM69 Display/Maintain Logical Commands

SMEN Dynamic menu

SMGW Gateway Monitor

SMLG Maintain Logon Group

SMLI Language import utility

SMLT Language transport utility

SMOD SAP Enhancement Management

SMT1 Trusted Systems (Display <-> Maint.)

SMT2 Trusting systems (Display <->Maint.)

ST06 Operating System Monitor

RZ20 CCMS Monitoring

SSAA System Administration Assistant

SSCA Appointment Diary: Administration

SRZL CCMS

SSM1 Session Manager generation call

ST01 System Trace

ST02 Setups/Tune Buffers

ST03 Performance, SAP Statistics, Workload

ST05 SQL Trace

ST07 Application monitor

ST08 Network Monitor

ST11 Display Developer Traces

ST12 Application Monitor

ST14 Application Analysis

ST22 ABAP Runtime Error Analysis

ST22 ABAP/4 Runtime Error Analysis

ST62 Create industry short texts

STAT Local transaction statistics

STUN Performance Monitoring

SQ01 SAP Query: Maintain queries

SQ02 SAP Query: Maintain funct. areas

SQ03 SAP Query: Maintain user groups

SQ07 SAP Query: Language comparison

SQVI QuickViewer

SPHA Telephony administration

Re: Critical Tcodes and Security Objects

Former Member — Fri, 11 Jan 2008 09:15:25 GMT

All transaction codes in SAP are more or less critical, when executed by incompetent users or people with malicious intents... there is no exhaustive list.

In addition, limitations on t-codes need to be related to the underlying authorization objects in order to provide a fairly safe operating environment.

As for creating a foolproof system, there's only one method: lock all users.

Re: Critical Tcodes and Security Objects

Former Member — Fri, 11 Jan 2008 18:16:23 GMT

Simple answer, as long as you are in project mode In a DEV or QAS system, noting is really critical.

What is really critical after go-live needs to be determined by your company, normally this is done by the department of the controller or something alike. Anyway it should be under the finance manager as he is personnally reponsible when something goes wrong!

As for examples of critical TRX see other answers, although these are probably far from a complete list!