My favourite Security Transaction Codes
by Vanita Parthasarathy, Winterhawk SAP GRC & Security Consultant
Working as an SAP Security Consultant, there are a few transactions that I use on a daily basis, which help to simplify potentially complex tasks.
Two codes which are generally used together are AL08 – Users Logged On and ST01 – System Trace. AL08 is used to check which server a user is logged on to and to establish a connection to that same server; ST01 is then used to switch on the trace and identify the authorisation object that fails for the user while they run a transaction in the system. But I would like to share a magic Tcode which replaces the need to use multiple transaction codes: STAUTHTRACE (Authorisation Trace). In one go, Authorisation Trace will allow you to capture the internal and external services authorisation checks being used by the user; try it, and you won’t go back to ST01 again.
Scheduling background jobs (User Comparison, GRC sync jobs, mass generation of profiles etc.) is a daily task for any SAP security consultant, and it is very important to understand the nitty-gritty of background jobs. In SM37 (Job Overview), the job logs and status checks are handy for keeping watch on the jobs’ statuses, with job correction options available within the same transaction. In this scenario, ST22 can also act as an extension to SM37, to catch any server- and program-level errors.
Here are a few other suggestions:
- Is there any SAP consultant who would not appreciate SE16? It makes life easy by providing all the data in one go, and in one place.
- A deep dive into user data is provided by SUIM.
- SU24 and PFCG complement each other for easy maintenance of authorisation data in roles; SU24 is used for maintaining the authorisation objects required for access to transactions. This information is brought into PFCG when the transaction is included in a role.
- SE38 helps display the program code and helps run certain GRC programs (where Tcodes are unavailable).
- If you are working in GRC, SM04 comes in handy to terminate HTTP sessions that are no longer required, which can be tricky at times; otherwise it helps terminate unwanted sessions which create locks on objects (if an earlier user session has ended in an unintentional way).
Last but not least is the all-important SU01 (User maintenance), for user creation, modifications and licensing. Apart from this, every SAP consultant should ideally have basic knowledge of ABAP programming as this facilitates faster understanding of issues.
Vanita is an SAP GRC & Security Consultant for Winterhawk, and is part of our Expert On-Demand Team.