Maintain T-codes with SE93
New t-codes can be created through the transaction SE93. In the example below, the t-code is created to call a program during execution. We can also create parameter transactions to which call standard sap transactions (like SE16 or SM30) or launch an ABAP query.
From the security perspective SE93 allows us to add a value for the authorization object field. This authorization object with the values specified for its fields, will be checked in addition to S_TCODE before the transaction is started.
Below we see the Se93 entry for the common HR t-code PP01. To start this transaction an user would need P_TCODE with TCD value PP01 in his user buffer, in addition to S_TCODE entry.
Hi Aninda,
In the second paragraph you have mentioned that “This authorization object with the values specified for its fields, will be checked in addition to S_TCODE before the transaction is started.” For SU01 transaction>> the auth object maintained in se93 is s_user_grp with some fields and field values. For testing your statement in second paragraph, i have deactivated the s_user_grp in the role (from which user is getting access to su01) he is not able to execute su01 which meets your statement.
My question is …in su24 if i change the check indicator to “do not check” for s_user_grp…then what happens to the auth object condition that is maintained in se93. will the changes in su24 check indicators overrides the condition in se93 or the condition in se93 is prevail? In my case as su01 is related to basis and I am unable to change the check indicator but for other t-codes it is possible to change check indicators for auth objects.
Apart from that when we are able to able to maintain check indicators in su24 for the authority check statements what is the use of maintaining a separate condition with auth object in se93? please clarify.
Can you tell me a t-code or program through which i can see the list of t-codes which are locked in the system.