Parameter transactions

Introduction

In this blog, you will get to know about Parameter transactions and the SU24 tips and tricks, which will come handy while securing them.

Let us first understand, what are Parameter transactions and why they are being used so much in the organizations.

Parameter Transactions and how to restrict them

Parameter transactions allow you to preassign values to fields on the initial screen of a transaction. In simple terms, parameter transactions are the custom t-codes developed to use another standard t-code like SM30. The custom t-code calls the standard t-code with some pre-assign values so that the custom t-code goes directly to the screen/table you want to see.

Parameter transactions are mostly developed for SM30 (Maintain table views) t-code.

For example, for the custom t-code ZTEST_SM30, which is shown below, the table ‘XYZ’ will be shown when executed.

Restricting the Parameter transactions

Since, maintaining the table views is a critical activity, hence it is important to restrict the parameter transactions calling SM30 t-code.

The parameter transactions can be restricted via the below 3 authorization objects.

• S_TABU_DIS
• S_TABU_NAM
• S_TABU_LIN

S_TABU_DIS

S_TABU_DIS has two authorization fields.

Authorization Field         Long Text

ACTVT                           Activity

DICBERCLS                  Authorization Group

ACTVT(Activity) field restricts the access to 02 (change) and 03 (display). The field DICBERCLS (Authorization Group) contains the authorization for tables according to the authorization classes in table TDDAT. Here, you specify the names of the permitted classes.

To know the authorization group for your table/view, go to SE11 and paste your view name and click on Utilities and select Table Maintenance Generator option.

S_TABU_NAM

S_TABU_NAM has two authorization fields.

Authorization Field         Long Text

ACTVT                           Activity

TABLE                           Table Name

ACTVT(Activity) field restricts the access to 02 (change) and 03 (display). The field TABLE (Table Name) is for name of the table which needs to be accessed.

S_TABU_LIN

S_TABU_LIN can be used to restrict the access to tables on the basis of organizational criteria. (for example, company code, plant, sales org etc). This authorization object allows you to restrict the access to specific rows of a table.

The authorization object contains following authorization fields.

Authorization Field         Long Text

ORGKRIT                      Organizational criterion for key-specific authorizations

ACTVT                           Activity

ORG_FIELD1- 8            Attribute for organizational criterion

ACTVT(Activity) field restricts the access to 02 (change) and 03 (display).The ORGKRIT field establishes the relationship to the key fields of the tables to which the line authorization refers. The fields ORG_FIELD1- 8 contains the attributes or the key fields of the table.

To know the ORGKRIT field for your table, go to t-code SPRO, click on SAP Reference IMG button and choose SAP Web Application Server → System Administration → Users and Authorizations → Line-Oriented Authorizations → Define Organizational Criteria and you’ll find the already defined Organization Criteria.

I hope this was a useful read.

Thank you!

References

1. https://archive.sap.com/kmuuid2/10c22217-75c9-2d10-83a0-9716c2ccc0f4/Maintaining%20Custom%20Transaction%20Codes%20More%20Effectively.pdf