Thursday, June 13, 2013

Sensitive Authorization Objects

Similar to my last post for Sensitive T-codes in SAP, any authorization object with certain fields value and
activity turns to be sensitive authorization object.

I have list out some of them below :
 1. S_DEVELOP ABAP Workbench
    ACTVT Activity
      With ANY of these values:
      02 Change
    OBJNAME Object name
      With ANY of these values:
      DEBUG DEBUG

 2. S_TCODE Transaction Code Check at Transaction Start
    TCD Activity
      With ANY of these values:
      "*" ( Treat * as a literal ) *

3.  S_DEVELOP ABAP Workbench
    ACTVT Activity
      With ANY of these values:
      06 Delete
      07 Activate, generate
    OBJNAME Object name
      With ANY of these values:
      * ( Treat * as a wildcard ) *

4.  S_TABU_CLI Cross-client Table Maintenance
    CLIIDMAINT Indicator for cross-client maintenance
      With ANY of these values:
      X X

5.  S_PROGRAM ABAP: Program run checks
    P_ACTION User action ABAP/4 program
      With ANY of these values:
      BTCSUBMIT BTCSUBMIT
      EDIT EDIT
    P_GROUP Authorization group ABAP/4 program
      With ANY of these values:
      "*" ( Treat * as a literal ) *

6.  S_TABU_DIS Table Maintenance (via standard tools such as SM30)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

7.  S_USER_AGR Authorizations: Role check
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

8.  S_USER_AGR Authorizations: Role check
    ACTVT Activity
      With ANY of these values:
      22 Enter, Include, Assign

9.  S_USER_AUT User Master Maintenance: Authorizations
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

10.  S_USER_AUT User Master Maintenance: Authorizations
    ACTVT Activity
      With ANY of these values:
      07 Activate, generate
      22 Enter, Include, Assign

11.  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

12.  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT Activity
      With ANY of these values:
      06 Delete
      22 Enter, Include, Assign

13.  S_USER_SYS User Master Maintenance: System for Central User Maintenance
    ACTVT Activity
      With ANY of these values:
      59 Distribute
      78 Assign

14.  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

15.  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

16.  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      60 Import

17.  S_RZL_ADM CCMS: System Administration
    ACTVT Activity
      With ANY of these values:
      01 Create

18.  S_BTCH_NAM Background Processing: Background User Name
    BTCUNAME Background user name for authorization check
      With ANY of these values:
   
"*" ( Treat * as a literal ) *
Posted by at No comments:

Sensitive T-codes in SAP

We have few t-codes which come under sensitive t codes list like SU01,PFCG. But there are few T-codes in
System as well which can be classified under same when assigned with certain activity and fields values.

I have noted down few of them in below note :
SCC4 Client Administration
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      SS SS

STMS Transport Management System
STMS_IMPORT Import Queue
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_CTS_ADMI Transport Organizer
    ACTVT Activity
      With ANY of these values:
      IMPA Import
      IMPS Import

SM30 Call View Maintenance
SM31 Call View Maintenance Like SM30
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SE38 ABAP Editor
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      06 Delete
      34 Write
  S_DEVELOP ABAP Workbench (CM)
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change
  S_PROGRAM ABAP: Program Flow Checks (CM)
    P_ACTION User action ABAP/4 program
      With ANY of these values:
      BTCSUBMIT BTCSUBMIT
      SUBMIT SUBMIT

SPRO Customizing - Edit Project
  S_PROJECT Project Management: Project authorization
    ACTVT Activity
      With ANY of these values:
      02 Change
      06 Delete
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SU01 User Maintenance
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change
  S_USER_PRO User Master Maintenance: Authorization Profile (CM)
    ACTVT Activity
      With ANY of these values:
      22 Enter, Include, Assign

SU10 User Mass Maintenance
SU12 Mass Changes to User Master Records
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change
  S_USER_PRO User Master Maintenance: Authorization Profile (CM)
    ACTVT Activity
      With ANY of these values:
      22 Enter, Include, Assign

SU01 User Maintenance
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      05 Lock

SU10 User Mass Maintenance
SU12 Mass Changes to User Master Records
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      05 Lock

SU02 Maintain Authorization Profiles
  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02

SU03 Maintain Authorizations
  S_USER_AUT User Master Maintenance: Authorizations (CM)
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02

PFCG Role Maintenance
  S_USER_AGR Authorizations: Role Check
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change
  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02

RZ10 Maintain Profile Parameters
  S_RZL_ADM Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE06 Set Up Transport Organizer
  S_CTS_ADMI Administration Functions in the Change and Transport System
     CTS_ADMFCT Activity
      With ANY of these values:
      * ( Treat * as a wildcard ) *
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE11 ABAP Dictionary
SE13 Dictionary: Technical Settings
  S_DEVELOP ABAP Workbench (CM)
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

SE16 Data Browser
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SA38 ABAP Reporting
SE38 ABAP Editor
  S_PROGRAM ABAP: Program Flow Checks (CM)
    P_ACTION User action ABAP/4 program
      With ANY of these values:
      BTCSUBMIT BTCSUBMIT
      SUBMIT SUBMIT

SE01 Transport Organizer (Extended)
SE09 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE10 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE01 Transport Organizer (Extended)
SE09 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

SE10 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

STMS Transport Management System
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create
      02 Change

STMS Transport Management System
STMS_IMPORT Import Queue
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

STMS Transport Management System
STMS_IMPORT Import Queue
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      60 Import

SM36
  S_BTCH_ADM Background Processing: Background Administrator
    BTCADMIN Background administrator ID
      With ANY of these values:
      Y Y
  S_BTCH_JOB Background Processing: Operations on Background Jobs
    JOBACTION Job operations
      With ANY of these values:
      DELE DELE
      RELE RELE
  S_BTCH_NAM Background Processing: Background User Name
    BTCUNAME Background user name for authorization check
      With ANY of these values:
      "*" ( Treat * as a literal, see the screenshot below ) *

SM36
  S_BTCH_ADM Background Processing: Background Administrator
    BTCADMIN Background administrator ID
      With ANY of these values:
      Y Y
  S_BTCH_JOB Background Processing: Operations on Background Jobs
    JOBACTION Job operations
      With ANY of these values:
      DELE DELE
      RELE RELE
  S_BTCH_NAM Background Processing: Background User Name
    BTCUNAME Background user name for authorization check
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SM64
  S_BTCH_ADM Background Processing: Background Administrator
    BTCADMIN Background administrator ID
      With ANY of these values:
      Y Y










Posted by at No comments:
Subscribe to: Comments (Atom)