[52765] in SAPr3-news
Re: no authorization in roles, but abap able to go to tocde.
daemon@ATHENA.MIT.EDU (Peter Van Avermaet)
Sun Dec 19 09:47:30 2004
To: sapr3-news@mit.edu
Date: Sun, 19 Dec 2004 15:47:23 +0100
From: Peter Van Avermaet <Peter.VanAvermaet@advalvas.be>
Message-ID: <41c5947d$0$25044$ba620e4c@news.skynet.be>
yls177 wrote:
> But, is the below scenario working as designed?
>
> In the user roles, there are no authorizations to access su01.
> However, in the program, there are abap codes to call the transaction
> directly and amazingly, the user is able to do so.
>
> Please advise.
That's a documented "feature".
When a program does a "call transaction" the authority-check for S_TCODE
is NOT performed by the system.
However, things have changed slichtly in recent versions of R/3
(starting with the 4.6D kernel, I believe). The new mechanism is not
very well documented.
Look in OSS for the word TCDCOUPLES.
