Technical Articles
Parameter transactions
Introduction
In this blog, you will get to know about Parameter transactions and the SU24 tips and tricks, which will come handy while securing them.
Let us first understand, what are Parameter transactions and why they are being used so much in the organizations.
Parameter Transactions and how to restrict them
Parameter transactions allow you to preassign values to fields on the initial screen of a transaction. In simple terms, parameter transactions are the custom t-codes developed to use another standard t-code like SM30. The custom t-code calls the standard t-code with some pre-assign values so that the custom t-code goes directly to the screen/table you want to see.
Parameter transactions are mostly developed for SM30 (Maintain table views) t-code.
For example, for the custom t-code ZTEST_SM30, which is shown below, the table ‘XYZ’ will be shown when executed.
Restricting the Parameter transactions
Since, maintaining the table views is a critical activity, hence it is important to restrict the parameter transactions calling SM30 t-code.
The parameter transactions can be restricted via the below 3 authorization objects.
- S_TABU_DIS
- S_TABU_NAM
- S_TABU_LIN
S_TABU_DIS
S_TABU_DIS has two authorization fields.
Authorization Field Long Text
ACTVT Activity
DICBERCLS Authorization Group
ACTVT(Activity) field restricts the access to 02 (change) and 03 (display). The field DICBERCLS (Authorization Group) contains the authorization for tables according to the authorization classes in table TDDAT. Here, you specify the names of the permitted classes.
To know the authorization group for your table/view, go to SE11 and paste your view name and click on Utilities and select Table Maintenance Generator option.
S_TABU_NAM
S_TABU_NAM has two authorization fields.
Authorization Field Long Text
ACTVT Activity
TABLE Table Name
ACTVT(Activity) field restricts the access to 02 (change) and 03 (display). The field TABLE (Table Name) is for name of the table which needs to be accessed.
S_TABU_LIN
S_TABU_LIN can be used to restrict the access to tables on the basis of organizational criteria. (for example, company code, plant, sales org etc). This authorization object allows you to restrict the access to specific rows of a table.
The authorization object contains following authorization fields.
Authorization Field Long Text
ORGKRIT Organizational criterion for key-specific authorizations
ACTVT Activity
ORG_FIELD1- 8 Attribute for organizational criterion
ACTVT(Activity) field restricts the access to 02 (change) and 03 (display).The ORGKRIT field establishes the relationship to the key fields of the tables to which the line authorization refers. The fields ORG_FIELD1- 8 contains the attributes or the key fields of the table.
I hope this was a useful read.
Thank you!
References
- https://archive.sap.com/kmuuid2/10c22217-75c9-2d10-83a0-9716c2ccc0f4/Maintaining%20Custom%20Transaction%20Codes%20More%20Effectively.pdf