
If a user has an authorization for a transaction, will he absolutely be able to start it?

Read security expert Corwin Slack's advice for one reader who is concerned about the authorizations for a particular user ID.

If a particular transaction code is present in S_TCODE, does that mean the user can only start that particular transaction, or is he authorized to fully execute that transaction?
(i.e., if S_TCODE has VA01, then does that mean he can create and do everything possible in VA01?)

If that's not the case, then how can I find out if a particular user has authorization to that entire transaction code? Do we have to compare the objects to the fields that a user has to those objects required to run a transaction (i.e., the values that we get from USOBX and USOBT tables)?

If a user has an authorization for a transaction in S_TCODE, he may be able to start it. Nothing more is indicated. There could be additional authorization checks before the transaction starts that determine whether a particular user can start the transaction. The only conclusive thing one can say about S_TCODE is that without such an authorization the user will not be able to start the transaction from a menu or from the command box.

There is no single report that can tell you whether a user has access to an entire transaction. It is often difficult to even define what an entire transaction is from a user perspective.
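
The distinction above, as an added Python sketch that is not part of the original answer and is not SAP code: it separates "can start" (S_TCODE plus any further start-time check) from checks made later inside the transaction, and it evaluates only the checks it is given. The data layout, function names, and sample values are assumptions constructed for illustration; on a real system the check data would come from tables such as USOBX and USOBT.

```python
# Simplified model of the checks, not SAP code. A user's authorizations are
# stored as {object: [ {field: set_of_values}, ... ]}; "*" means any value.

def has_auth(user_auths, obj, required):
    """True if ONE authorization for obj covers every required field value.
    Values from different authorizations of the same object are not combined."""
    def covers(auth):
        return all("*" in auth.get(f, set()) or v in auth.get(f, set())
                   for f, v in required.items())
    return any(covers(auth) for auth in user_auths.get(obj, []))

def assess(user_auths, tcode, start_checks, runtime_checks):
    """Return (can_start, missing_objects).
    start_checks: extra checks made before the transaction starts.
    runtime_checks: checks made inside the transaction, e.g. from USOBX/USOBT."""
    if not has_auth(user_auths, "S_TCODE", {"TCD": tcode}):
        return False, ["S_TCODE"]
    blocked = [o for o, req in start_checks if not has_auth(user_auths, o, req)]
    if blocked:
        return False, blocked
    return True, [o for o, req in runtime_checks if not has_auth(user_auths, o, req)]

# Constructed sample data, not taken from a real system.
USER = {
    "S_TCODE": [{"TCD": {"VA01", "VA03"}}],
    "V_VBAK_AAT": [{"AUART": {"*"}, "ACTVT": {"01", "02", "03"}}],
    "V_VBAK_VKO": [
        {"VKORG": {"1000"}, "ACTVT": {"03"}},   # display only in 1000
        {"VKORG": {"2000"}, "ACTVT": {"01"}},   # create only in 2000
    ],
}
START = [("V_VBAK_AAT", {"AUART": "OR", "ACTVT": "01"})]
RUNTIME = [("V_VBAK_VKO", {"VKORG": "1000", "ACTVT": "01"})]

if __name__ == "__main__":
    print(assess(USER, "VA01", START, RUNTIME))  # starts, but creation in 1000 fails
    print(assess(USER, "VA02", START, RUNTIME))  # no S_TCODE entry, cannot start
```

The sample user can start VA01 yet still fails the in-transaction check, because no single V_VBAK_VKO authorization holds both the sales organization and the create activity.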
