Transaction codes
SM51 (Server Overview)
SM50 (Processes Overview)
SM21 (System Log)
ST22 (ABAP Dumps)
DB02 (Space Statistics)
SM37 (Batch Jobs)
SMGW (Gateway Monitor)
SM14 (Updates Overview)
SM13 (Update Records)
SM66 (Systemwide Work Process Overview)
DB13 (Database Administration Calendar)
SM12 (Display and Delete Locks)
SM59 (RFC Connections)
ST11 (Display Trace Files)
ST06 (SAP OS Collector Admin)
SXMB_IFR (Start Integration Builder)
SLDCHECK (Test SLD Connection)
SXI_CACHE (To Access IS Runtime Cache)
Monday, November 11, 2013
Common Transaction codes for system Health Check
CUA and IDM
IDM - Identity Management.
Connects to ABAP systems, non-ABAP systems and third-party tools.
Advantage of IDM: self-service password reset.
IDM can be connected to and used in combination with an existing CUA, or, if CUA is not installed, you can go directly for IDM.
Enables workflow-based requests for approvals, automating user provisioning in multiple back-end systems.
Supports LDAP directories and databases, as well as standards such as SPML.
Supports tight integration with SAP Business Suite 7.0.
CUA - Central User Administration.
It is a central system where we maintain / create users.
For instance: you have 30 systems installed (such as ECC 6.0 (DEV / QA / PROD), SRM, BI, CRM...) and you get a request from the client to create 50 users in 30 systems (i.e. you are giving the users access to 30 systems).
Without CUA, you need to create the users in each and every system (user creation is independent of the other systems / clients), which is a tedious process.
If you have a central system (CUA) installed, then within 3 to 5 seconds you will be able to create 50 users in 30 systems.
It enables you to manage several thousand users and their individual role assignments.
How to know whether CUA is installed in your company: go to SU01 (create / change user). If you notice a "System" tab in addition to Roles, Profiles, Logon..., then it is CUA.
CUA gets connected to all your child systems (BI, SRM, ECC...) using the ALE / IDoc method.
CUA only connects to ABAP systems.
If a user wants to reset a password or unlock an account, they need to approach the help desk / security team.
Cheers
Thursday, June 13, 2013
Sensitive Authorization Objects
As in my last post on sensitive T-codes in SAP, any authorization object becomes a sensitive authorization object when it is assigned certain field values and activities. I have listed some of them below:
| # | Authorization object | Description | Field | Sensitive values (ANY of) |
|---|---|---|---|---|
| 1 | S_DEVELOP | ABAP Workbench | ACTVT (Activity) | 02 (Change) |
| | | | OBJNAME (Object name) | DEBUG |
| 2 | S_TCODE | Transaction Code Check at Transaction Start | TCD (Activity) | "*" (treat * as a literal) |
| 3 | S_DEVELOP | ABAP Workbench | ACTVT (Activity) | 06 (Delete), 07 (Activate, generate) |
| | | | OBJNAME (Object name) | * (treat * as a wildcard) |
| 4 | S_TABU_CLI | Cross-client Table Maintenance | CLIIDMAINT (Indicator for cross-client maintenance) | X |
| 5 | S_PROGRAM | ABAP: Program run checks | P_ACTION (User action ABAP/4 program) | BTCSUBMIT, EDIT |
| | | | P_GROUP (Authorization group ABAP/4 program) | "*" (treat * as a literal) |
| 6 | S_TABU_DIS | Table Maintenance (via standard tools such as SM30) | ACTVT (Activity) | 02 (Change) |
| | | | DICBERCLS (Authorization group) | * (treat * as a wildcard) |
| 7 | S_USER_AGR | Authorizations: Role check | ACTVT (Activity) | 01, 02 (Change) |
| 8 | S_USER_AGR | Authorizations: Role check | ACTVT (Activity) | 22 (Enter, Include, Assign) |
| 9 | S_USER_AUT | User Master Maintenance: Authorizations | ACTVT (Activity) | 01, 02 (Change) |
| 10 | S_USER_AUT | User Master Maintenance: Authorizations | ACTVT (Activity) | 07 (Activate, generate), 22 (Enter, Include, Assign) |
| 11 | S_USER_PRO | User Master Maintenance: Authorization Profile | ACTVT (Activity) | 01, 02 (Change) |
| 12 | S_USER_PRO | User Master Maintenance: Authorization Profile | ACTVT (Activity) | 06 (Delete), 22 (Enter, Include, Assign) |
| 13 | S_USER_SYS | User Master Maintenance: System for Central User Maintenance | ACTVT (Activity) | 59 (Distribute), 78 (Assign) |
| 14 | S_TRANSPRT | Transport Organizer | ACTVT (Activity) | 01, 02 (Change) |
| 15 | S_TRANSPRT | Transport Organizer | ACTVT (Activity) | 43 (Release) |
| 16 | S_TRANSPRT | Transport Organizer | ACTVT (Activity) | 60 (Import) |
| 17 | S_RZL_ADM | CCMS: System Administration | ACTVT (Activity) | 01 (Create) |
| 18 | S_BTCH_NAM | Background Processing: Background User Name | BTCUNAME (Background user name for authorization check) | "*" (treat * as a literal) |
Sensitive T-codes in SAP
A few T-codes, such as SU01 and PFCG, are on every list of sensitive T-codes. But there are other T-codes in the system that fall into the same class when they are assigned with certain activities and field values. I have noted a few of them below:
| T-code(s) | Authorization object | Field | Sensitive values (ANY of) |
|---|---|---|---|
| SCC4 (Client Administration) | S_TABU_DIS: Table Maintenance (via standard tools such as SM30) (CM) | ACTVT (Activity) | 01, 02 (Change) |
| | | DICBERCLS (Authorization group) | SS |
| STMS (Transport Management System), STMS_IMPORT (Import Queue) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_CTS_ADMI: Transport Organizer | ACTVT (Activity) | IMPA (Import), IMPS (Import) |
| SM30 (Call View Maintenance), SM31 (Call View Maintenance Like SM30) | S_TABU_DIS: Table Maintenance (via standard tools such as SM30) (CM) | ACTVT (Activity) | 02 (Change) |
| | | DICBERCLS (Authorization group) | * (treat * as a wildcard) |
| SE38 (ABAP Editor) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 06 (Delete), 34 (Write) |
| | S_DEVELOP: ABAP Workbench (CM) | ACTVT (Activity) | 01, 02 (Change) |
| | S_PROGRAM: ABAP: Program Flow Checks (CM) | P_ACTION (User action ABAP/4 program) | BTCSUBMIT, SUBMIT |
| SPRO (Customizing - Edit Project) | S_PROJECT: Project Management: Project authorization | ACTVT (Activity) | 02 (Change), 06 (Delete) |
| | S_TABU_DIS: Table Maintenance (via standard tools such as SM30) (CM) | ACTVT (Activity) | 02 (Change) |
| | | DICBERCLS (Authorization group) | * (treat * as a wildcard) |
| SU01 (User Maintenance) | S_USER_GRP: User Master Maintenance: User Groups | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| | S_USER_PRO: User Master Maintenance: Authorization Profile (CM) | ACTVT (Activity) | 22 (Enter, Include, Assign) |
| SU10 (User Mass Maintenance), SU12 (Mass Changes to User Master Records) | S_USER_GRP: User Master Maintenance: User Groups | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| | S_USER_PRO: User Master Maintenance: Authorization Profile (CM) | ACTVT (Activity) | 22 (Enter, Include, Assign) |
| SU01 (User Maintenance) | S_USER_GRP: User Master Maintenance: User Groups | ACTVT (Activity) | 05 (Lock) |
| SU10 (User Mass Maintenance), SU12 (Mass Changes to User Master Records) | S_USER_GRP: User Master Maintenance: User Groups | ACTVT (Activity) | 05 (Lock) |
| SU02 (Maintain Authorization Profiles) | S_USER_PRO: User Master Maintenance: Authorization Profile | ACTVT | 01, 02 |
| SU03 (Maintain Authorizations) | S_USER_AUT: User Master Maintenance: Authorizations (CM) | ACTVT | 01, 02 |
| PFCG (Role Maintenance) | S_USER_AGR: Authorizations: Role Check | ACTVT | 01, 02 |
| | S_USER_GRP: User Master Maintenance: User Groups | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| | S_USER_PRO: User Master Maintenance: Authorization Profile | ACTVT | 01, 02 |
| RZ10 (Maintain Profile Parameters) | S_RZL_ADM: Transport Organizer | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| SE06 (Set Up Transport Organizer) | S_CTS_ADMI: Administration Functions in the Change and Transport System | CTS_ADMFCT (Activity) | * (treat * as a wildcard) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| SE11 (ABAP Dictionary), SE13 (Dictionary: Technical Settings) | S_DEVELOP: ABAP Workbench (CM) | ACTVT (Activity) | 01, 02 (Change) |
| SE16 (Data Browser) | S_TABU_DIS: Table Maintenance (via standard tools such as SM30) (CM) | ACTVT (Activity) | 02 (Change) |
| | | DICBERCLS (Authorization group) | * (treat * as a wildcard) |
| SA38 (ABAP Reporting), SE38 (ABAP Editor) | S_PROGRAM: ABAP: Program Flow Checks (CM) | P_ACTION (User action ABAP/4 program) | BTCSUBMIT, SUBMIT |
| SE01 (Transport Organizer (Extended)), SE09 (Transport Organizer) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| SE10 (Transport Organizer) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 01 (Create or Generate), 02 (Change) |
| SE01 (Transport Organizer (Extended)), SE09 (Transport Organizer) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 43 (Release) |
| SE10 (Transport Organizer) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 43 (Release) |
| STMS (Transport Management System) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 01 (Create), 02 (Change) |
| STMS (Transport Management System), STMS_IMPORT (Import Queue) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 43 (Release) |
| STMS (Transport Management System), STMS_IMPORT (Import Queue) | S_DATASET: Authorization for file access (CM) | ACTVT (Activity) | 33 (Read), 34 (Write) |
| | S_TRANSPRT: Transport Organizer | ACTVT (Activity) | 60 (Import) |
| SM36 | S_BTCH_ADM: Background Processing: Background Administrator | BTCADMIN (Background administrator ID) | Y |
| | S_BTCH_JOB: Background Processing: Operations on Background Jobs | JOBACTION (Job operations) | DELE, RELE |
| | S_BTCH_NAM: Background Processing: Background User Name | BTCUNAME (Background user name for authorization check) | "*" (treat * as a literal) |
| SM36 | S_BTCH_ADM: Background Processing: Background Administrator | BTCADMIN (Background administrator ID) | Y |
| | S_BTCH_JOB: Background Processing: Operations on Background Jobs | JOBACTION (Job operations) | DELE, RELE |
| | S_BTCH_NAM: Background Processing: Background User Name | BTCUNAME (Background user name for authorization check) | * (treat * as a wildcard) |
| SM64 | S_BTCH_ADM: Background Processing: Background Administrator | BTCADMIN (Background administrator ID) | Y |
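One way to turn the two lists above into a role review, as an added example that is not part of the original posts: a small checker that matches a role's authorizations against four of the listed rules. It assumes that "treat * as a literal" means the role must hold `*` itself, that "treat * as a wildcard" means any held value counts, and that all fields must match within one authorization instance; the rule labels and the sample roles are constructed.

```python
# Audit sketch: match role authorizations against sensitive-value rules.
LITERAL_STAR = "literal *"   # rule hits only if the role holds "*" itself
ANY_VALUE = "wildcard *"     # rule hits on any held value

# Rules transcribed from the tables above; the short labels are made up here.
# (label, t-codes that must be startable, {object: {field: wanted values}})
RULES = [
    ("debug-change", (), {"S_DEVELOP": {"ACTVT": {"02"}, "OBJNAME": {"DEBUG"}}}),
    ("all-tcodes", (), {"S_TCODE": {"TCD": LITERAL_STAR}}),
    ("table-change", ("SM30", "SM31"),
     {"S_TABU_DIS": {"ACTVT": {"02"}, "DICBERCLS": ANY_VALUE}}),
    ("user-lock", ("SU01",), {"S_USER_GRP": {"ACTVT": {"05"}}}),
]

def covers(held, wanted):
    """True if one held value ('02', 'SU*', '*') grants the wanted value."""
    if held.endswith("*"):
        return wanted.startswith(held[:-1])
    return held == wanted

def field_hits(held_values, wanted):
    if wanted == ANY_VALUE:
        return bool(held_values)
    if wanted == LITERAL_STAR:
        return "*" in held_values
    return any(covers(h, w) for h in held_values for w in wanted)

def auth_hits(fields, wanted_fields):
    # Every field must match inside the SAME authorization instance.
    return all(field_hits(fields.get(f, set()), w) for f, w in wanted_fields.items())

def can_start(role, tcode):
    return any(obj == "S_TCODE" and any(covers(h, tcode) for h in fields.get("TCD", ()))
               for obj, fields in role)

def findings(role):
    """role: list of (object, {field: set of values}) authorization instances."""
    hits = []
    for label, tcodes, objects in RULES:
        if tcodes and not any(can_start(role, t) for t in tcodes):
            continue
        if all(any(o == obj and auth_hits(f, wanted) for o, f in role)
               for obj, wanted in objects.items()):
            hits.append(label)
    return hits

# Constructed sample roles (not taken from any real system).
ROLE_DISPLAY = [("S_TCODE", {"TCD": {"SU01", "SM30"}}),
                ("S_USER_GRP", {"ACTVT": {"03"}}),
                ("S_TABU_DIS", {"ACTVT": {"03"}, "DICBERCLS": {"*"}})]
ROLE_SPLIT = [("S_TCODE", {"TCD": {"S*"}}),
              ("S_DEVELOP", {"ACTVT": {"02"}, "OBJNAME": {"Z_REPORT"}}),
              ("S_DEVELOP", {"ACTVT": {"03"}, "OBJNAME": {"DEBUG"}}),
              ("S_TABU_DIS", {"ACTVT": {"*"}, "DICBERCLS": {"SC"}})]
ROLE_ADMIN = [("S_TCODE", {"TCD": {"*"}}),
              ("S_DEVELOP", {"ACTVT": {"*"}, "OBJNAME": {"*"}}),
              ("S_USER_GRP", {"ACTVT": {"01", "02", "05"}})]

if __name__ == "__main__":
    for name, role in [("display", ROLE_DISPLAY), ("split", ROLE_SPLIT), ("admin", ROLE_ADMIN)]:
        print(name, findings(role))
```

ROLE_SPLIT holds change (02) and DEBUG in two separate S_DEVELOP authorizations, so the debug rule does not fire, while its `S*` transaction range together with full activity on S_TABU_DIS does trigger the table-change rule.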