
SE93 - Proper Use

Posted: Thu Oct 25, 2012 1:51 pm
by Gary Morris
I have observed Z transactions in SE93 with S_TCODE in the authorization field. Isn't this useless? Isn't a Z transaction going to require the user to have the tcode in S_TCODE in one of their roles anyway, or does this have to use a function in the code? I thought the creation of any new z tcode is automatically enforced for S_TCODE.

Re: SE93 - Proper Use

Posted: Thu Oct 25, 2012 2:02 pm
by jurjen
As far as I know the S_TCODE check is a kernel check so there's no need to put it in SE93 as well.

Re: SE93 - Proper Use

Posted: Thu Oct 25, 2012 4:03 pm
by Sharpshooter
Unless you wish to check a different Tcode than the Z-code. For example, say you have a custom BOM maintenance transaction that uses SAP APIs. You could add a check for Tcode CS02 in your Z-transaction.
Although I would say it's best practice to check the proper application-specific auth object(s) instead.

Re: SE93 - Proper Use

Posted: Thu Oct 25, 2012 4:58 pm
by henrik
I fully agree that it's pointless with S_TCODE check in SE93 in "modern" versions of SAP. Back before the S_TCODE check was introduced as standard, it made sense.
Technically, you can turn the S_TCODE check off, but that will also turn off the profile generator, so not really likely to happen anywhere, unless you want to go really old-school and create all your profiles through SU02 and SU03... :P

Re: SE93 - Proper Use

Posted: Tue Oct 30, 2012 10:47 am
by Gary Morris
Thanks, everyone. I thought it was a waste of time, and was wondering if my client had been told to do this, as it was their policy on all Z transactions, and yet this is not even audit compliant, since it is the same as relying only on tcode to secure a custom transaction, and it needs at least an application-specific authorization object in SE93 or an Authority Check statement with a custom object or SAP object in the code.

Re: SE93 - Proper Use

Posted: Fri Nov 02, 2012 3:16 am
by os
It is not exactly the same. Place your cursor on the authorization field in SE93 and hit F1.

This check will take place in call transaction after the S_TCODE is skipped but before the screen to be skipped is displayed or the SE97 couples are checked in the program behind the Tcode.

That can make it useful, but more for academics and special cases. Mainstream use would be more for an application object as plausibility to continue the call.

My 2 cents.
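
Added example, not part of any post in this thread: a sketch of the in-code checks the thread recommends for a custom BOM maintenance transaction, combining the optional S_TCODE check on CS02 with an application-specific authorization object. The report name ZBOM_MAINT and the custom object Z_BOM_PLNT with its fields WERKS and ACTVT are hypothetical.

```abap
REPORT zbom_maint.
" Added illustration, not code from the thread.
" ZBOM_MAINT, Z_BOM_PLNT and its fields WERKS/ACTVT are hypothetical names.

PARAMETERS p_werks TYPE werks_d OBLIGATORY.

START-OF-SELECTION.
  " Optional plausibility check on a different tcode than the Z-code,
  " as suggested in the thread for a transaction built on the CS02 APIs.
  " Checking the Z-code itself here would add nothing over the
  " standard S_TCODE check at transaction start.
  AUTHORITY-CHECK OBJECT 'S_TCODE'
    ID 'TCD' FIELD 'CS02'.
  IF sy-subrc <> 0.
    MESSAGE 'No authorization for transaction CS02' TYPE 'E'.
  ENDIF.

  " Application-specific check: this is what restricts the business
  " data (plant and activity), not just who may start the transaction.
  " ACTVT '02' is the standard activity value for "change".
  AUTHORITY-CHECK OBJECT 'Z_BOM_PLNT'
    ID 'WERKS' FIELD p_werks
    ID 'ACTVT' FIELD '02'.
  IF sy-subrc <> 0.
    MESSAGE 'No authorization to change BOMs in this plant' TYPE 'E'.
  ENDIF.

  " Reached only when both checks returned sy-subrc = 0.
  WRITE: / 'Authorization checks passed for plant', p_werks.
```

Because the checks are in the program itself, they run however the program is reached, including via CALL TRANSACTION from another program.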