Saturday, July 20, 2013

What is diff b/w S_TCODE and S_USER_TCD??


Object S_USER_TCD controls the access of t-codes that user can include while creating role. 

S_tcode : while executing any t-code in sap system first it checks this ao. s_user_tcd: this ao is useful for adding a t-code at menu level with out this a.o we can't add t-code at menu level.

About S_TCODE : Whenever a transaction is started, a check is made against this authorization object by the screen with the transaction code as the value. This check always takes place & cannot be deactivated by the developer. Some exceptions are Tcode SU01, SU02, SU03 (so that the missing authorizations for object S_TCODE can be post-maintained if there are problems), Tcode SU50, SU51, SU52 (setting user defaults, user address and parameters) and transactions SU53 and SU56 (for analyzing possible errors).

About S_USER_TCD: Authorization objects control the Tcodes that sys admin can assign to an activity group, as well as the Tcodes for which they can assign Tcodes authorization (object S_TCODE). 
Posted by at

2 comments:

  1. AnonymousDecember 18, 2013 at 3:54 AM

    Hi Gaurav,
    You are doing a good job, Thanks for the useful stuff, I would suggest you to correct some typo errors such as s_tode, ao.
    I have few queries appreciate if you could answer them:
    1. could you please elaborate below sentence " a check is made against this
    authorization object by the screen with the transaction code as the value"
    2. Are we still using the name "Activity Group" in place of Role?
    3. As per your statement "you can only maintain intervals of Tcodes if you
    have full authorization for S_USER_TCD for authorizatio" Does it mean that we cannot maintain individual Tcodes?

    ReplyDelete
  2. GauravDecember 18, 2013 at 4:48 AM

    Hello,
    Thanks for pointing the corrections. I have updated them.
    Answers to your questions are :
    1. When you execute a t-code system checks whether the user is having this t-code in his user buffer or not. This check is made in object S_TCODE in user buffer.
    2. No we call them as roles now. Since this was a post from our SAP Security Group it has been copied as it is.
    3. We can add all t-codes if we have full authorization. I have removed the incorrect sentence in the post.

    Regards
    Gaurav S

    ReplyDelete

Subscribe to: Post Comments (Atom)