Skip to Content

Hello Team,

Overview:

Last week, I was trying to find out if a user forcefully run a program by “by-passing” the authority check function in Test.

After scanning some sap standard programs by basis, I bumped into these transaction codes – sm20/sm21.

Although this is the first time I have used these tcodes, it did wonders for me so I have decided to share it.

Test Scenario:

I have a limited access to run a program (even in DEV) that edit the transport’s status so I need to “by-pass” authority check.

I did succeed however in making the edit button displayable – see below highlighted:

P1.png

Now, one method to trace this is by using sm20

This we can track the ff in the “Audit classes” or the items to be tracked on by simply ticking

Enter the client and the user if you know

press enter and then F8

P2.png

You will see a consolidated security log like below – focus on the highlighted in orange

P3.png

It says that the user (me) tried to change the SY- SUBRC field  in program LSTR9U03

and this is exactly what we did in debug mode

P4.JPG

Now the other tcode is SM21.

SM21 as per sap docs is the system logs that logs all the system errors, warnings, user locks due to failed logon attempts from known users etc.

Now we enter the date/time and the user we need to spy on 😀

P5.png

press execute

P6.png

it says that the user is trying to change the SY-SUBRC of program LSTR9U03 – same as in sm20 output too.

There is also a more detailed technical info once you double clicked a record

P7.png

going back to the sm21 selection screen, we can see a button called “Use old System log tcode”

This is just the old tcode but will yield as much as the same output but of course with the previous layout

P8.JPG

No client filter so both clients 111 and 222 shows up

P9.JPG

a more technical view also will display once a record was double clicked

P10.JPG


To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply