pratiksap

Hello All, 

Today, we will be discussing an interesting SAP security-related topic, along with its functional impact.

Do read the full blog...

  • In general terms, when we execute a T-code in the SAP system, it can call various other T-codes in the background by default, which might expose our SAP system to security breaches and data leaks.

Let’s understand the scenario clearly using an example:

For example, an end user executes the T-code “ME51N” (Create Purchase Requisition). If the user now wants to view the Material Master Data, he can view that data even though his user ID does not have access to the MM03 T-code.

This is possible because of “Called Transactions”. This is not at all desirable when we are dealing with confidential master data that we don’t want the end user to even have a look at!

Screenshot 2024-06-12 101128.png

Whenever we execute certain T-codes, the system checks the table “TCDCOUPLES”, which provides a complete mapping of each “Calling T-Code” to its “Called T-Code”.

Screenshot 2024-06-12 100334.png

In our example, the transaction “ME51N” is calling the transaction “MM03”.

If the Check field is blank, as shown in the attached screenshot, it means the calling T-code can access the called T-code without any authorization check!

Screenshot 2024-06-12 101252.png

Now, if we want to restrict calling transactions from calling certain data-sensitive, master-data-related transactions, we simply have to change the “Check ID” field to “YES”.

After this change, the end user will be able to view / display the master data only when the user ID has the authorization to execute that particular T-code.

 

Key Takeaways from this Blog:

You should always review the critical “Called Transactions” from time to time in order to prevent sensitive data leaks.
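
One way to carry out this periodic review offline, as an added example that is not part of the original blog: the script reads a constructed, semicolon-delimited export of TCDCOUPLES and lists sensitive called T-codes whose Check field is blank. The column names, the "YES" rendering of the indicator, the sensitive T-code list and the sample rows are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export of TCDCOUPLES (not real system data). Column names
# and the "YES" rendering of the check indicator are assumptions; adjust them
# to match how your own export labels the fields.
SAMPLE_EXPORT = """CALLING;CALLED;CHECK
ME51N;MM03;
ME51N;ME53N;YES
ME21N;MM03;YES
ME21N;XK03;
VA01;MM03;
VA01;VA03;
"""

# Hypothetical list of display transactions the reviewer treats as sensitive.
SENSITIVE_TCODES = {"MM03", "XK03"}
CHECKED_VALUES = {"YES"}


def find_unchecked_calls(export_text, sensitive=SENSITIVE_TCODES):
    """Return {called_tcode: [calling_tcodes]} for sensitive called
    transactions whose check indicator is not set (no authorization check)."""
    findings = defaultdict(list)
    reader = csv.DictReader(io.StringIO(export_text), delimiter=";")
    for row in reader:
        calling = (row.get("CALLING") or "").strip().upper()
        called = (row.get("CALLED") or "").strip().upper()
        check = (row.get("CHECK") or "").strip().upper()
        if not calling or not called:
            continue  # skip malformed or empty lines
        if called in sensitive and check not in CHECKED_VALUES:
            findings[called].append(calling)
    return {called: sorted(callers) for called, callers in findings.items()}


def format_report(findings):
    """Render findings as review lines, most widely reachable T-code first."""
    ordered = sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{called}: reachable without check from {', '.join(callers)}"
            for called, callers in ordered]


if __name__ == "__main__":
    for line in format_report(find_unchecked_calls(SAMPLE_EXPORT)):
        print(line)
```

Each reported pair is a candidate for setting the check to “YES”, after confirming that the users who rely on the calling T-code should also hold the called T-code's authorization.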

 

Blog Written By:-

Er. Pratik Das

B.Tech in Mechanical Engineering,

SAP Functional Consultant,

SAP Enthusiast.
