headershadow

Sensitive Authorization Objects

Print Friendly

Sensitive Authorization Objects

Today am going to discuss about some common Sensitive authorization object in SAP, Any of the authorization object is not sensitive at every point of time but with certain fields value and activity it turns to be very sensitive authorization object.I have listed out some of them below :
 1. S_DEVELOP ABAP Workbench
ACTVT Activity
With ANY of these values:
02 Change
OBJNAME Object name
With ANY of these values:
DEBUG DEBUG
 2. S_TCODE Transaction Code Check at Transaction Start
TCD Activity
With ANY of these values:
"*" ( Treat * as a literal ) *
3. S_DEVELOP ABAP Workbench
ACTVT Activity
With ANY of these values:
06 Delete
07 Activate, generate
OBJNAME Object name
With ANY of these values:
* ( Treat * as a wildcard ) *
4. S_TABU_CLI Cross-client Table Maintenance
CLIIDMAINT Indicator for cross-client maintenance
With ANY of these values:
X X
5. S_PROGRAM ABAP: Program run checks
P_ACTION User action ABAP/4 program
With ANY of these values:
BTCSUBMIT BTCSUBMIT
EDIT EDIT
P_GROUP Authorization group ABAP/4 program
With ANY of these values:
"*" ( Treat * as a literal ) *
6. S_TABU_DIS Table Maintenance (via standard tools such as SM30)
ACTVT Activity
With ANY of these values:
02 Change
DICBERCLS Authorization group
With ANY of these values:
* ( Treat * as a wildcard ) *
7. S_USER_AGR Authorizations: Role check
ACTVT Activity
With ANY of these values:
01 01
02 Change
8. S_USER_AGR Authorizations: Role check
ACTVT Activity
With ANY of these values:
22 Enter, Include, Assign
9. S_USER_AUT User Master Maintenance: Authorizations
ACTVT Activity
With ANY of these values:
01 01
02 Change
10. S_USER_AUT User Master Maintenance: Authorizations
ACTVT Activity
With ANY of these values:
07 Activate, generate
22 Enter, Include, Assign
11. S_USER_PRO User Master Maintenance: Authorization Profile
ACTVT Activity
With ANY of these values:
01 01
02 Change
12. S_USER_PRO User Master Maintenance: Authorization Profile
ACTVT Activity
With ANY of these values:
06 Delete
22 Enter, Include, Assign
13. S_USER_SYS User Master Maintenance: System for Central UserMaintenance
ACTVT Activity
With ANY of these values:
59 Distribute
78 Assign
14. S_TRANSPRT Transport Organizer
ACTVT Activity
With ANY of these values:
01 01
02 Change
15. S_TRANSPRT Transport Organizer
ACTVT Activity
With ANY of these values:
43 Release
16. S_TRANSPRT Transport Organizer
ACTVT Activity
With ANY of these values:
60 Import
17. S_RZL_ADM CCMS: System Administration
ACTVT Activity
With ANY of these values:
01 Create
18. S_BTCH_NAM Background Processing: Background User Name
BTCUNAME Background user name for authorization check
With ANY of these values:
"*" ( Treat * as a literal ) *

Priya Ranjan Singh has been working as an SAP Security Consultant since 2010. He have worked with Wipro Technologies ,Accenture in past and currently working with Ernst & Young.
More about

2 thoughts on “Sensitive Authorization Objects


Comment author said

By Ranjit on 11 March 2014 at 13:07

Can you share some of sensitive Tcodes !! It will really help !!

 

Comment author said

By SAP WM Online Training on 12 December 2014 at 11:01

Thank you sir,I recently came across your blog and have been reading along. nice explanation.We are providing sap wm online training . It is more effective and interest for new learners. I thought I would leave my first comment. I feel great after reading this information.

 

Leave a Reply


*