How to securize SE16N

Hello,
I have securize SE16N with SAP OSS note which is checking SY-TCODE.
Currently if you trying to launch SE16N through SE37, SE38, SA38 SEU_INT or SE93, it checks if you are authorized to SY-TCODE = SE16N.
Despite that, I have still discover that some people have found another way to use SE16N despite my controls set up.
To definitly secure my system, I need to understand how they can proceed. Do you have any idea on how they can do.
The only trace I found in STAT is :
Transaction : SESS Program : RK_SE16N
Thanks for your help.

One more thing to add to this discussion:
Errors that happen now and then should never be a reason for giving people day to day access to trx or functions like we discussed.
Best way to solve these issues : Have an emergency userid available!
Procedure:
1.     The error should be recorded in the system were all errors are recorded.
2.     The whole support team should be consulted to see if there is a solution possible in a regular manner
3.     One support team member should be assigned to solve the error.
4.     Before execution of the job a clear description should be added to the error rapport listing how the problem will be solved (this should also include the TRX Needed for the solution)
5.     The emergency userid should normally be locked . And it should be in separate usergroup (called emerge) which is ONLY accessible for the security team lead. The emergency userid has SAP_ALL and SAP_NEW assigned (allowed only because of the strict procedure!)
6.     A senior support manager approves the request to unlock the uid for solving the error. This approval is recorded in the error report including the name of the team member will solve the issue.
7.     The emergency uid is unlocked the password given to the team member aforementioned. Time is recorded in the error report. Trace is switched on.
8.     The four eyes principle applies here. So the team member is being watched all the time by a second person during the time the emergency uid is being unlocked.
9.     Immediately after the error has been solved the emergency uid is being locked again and the password reset.
10.     Trace report being read for TRX used, and checked against the scenario (as in point 4) any other trx used should be explained in the error report.
11.     All personnel involved should attend a close-out meeting where all points aforementioned should be addressed. And a close-out report should be signed by all and added to the error report.
12.     First Audit all error reports should be presented to the auditors for review
Be aware that All points mentioned are mandatory

Similar Messages

  • A collection of threads: FAQ's, intros and memorable discussions

    Welcome to the SDN Security Forum!
    In addition to the information accessible via the SDN Security Main Wiki and the SDN Security Forum Search and
    searching the SAP Service Marketplace (see the thread on OSS Note Search Techniques), this "sticky post" lists some threads from the forum as:
    - an introduction for new members / visitors on topics discussed in threads,
    - a collection of some threads which provided usefull answers to questions which are frequently asked,
    - a collection of some memorable threads if you feel like reading some security related material.
    - a collection of OSS notes which have been proven to be generally usefull to know about.
    The listed threads will be enhanced from time to time. Please feel welcome to contact me via the details in my SDN Business Card if you would like to suggest any threads for inclusion here.
    Keeping an eye on the SDN Security Homepage for relevant blogs (often there are security aspects to other blogs as well),
    the Security Area of the SAP Service Marketplace ("OSS" logon required) and subscription to the SAP Security Newsletter
    can also be generally recommended if you are interested in security.
    New!Also see SAP's Security Disclosure Guidelines and do not use SDN to report software bugs. Contact details are in the link.
    PS: When asking a question in the forum, please also provide sufficient information such that the question can be
    answered usefully, and when the question is answered please indicate which solution was found and close the thread.

    Identity Management
    CUA will never die! => Blog from SAP about CUA support myths.
    CUA information and advice needed!!! => There is a seperate dedicated forum for this now.
    User Management and Password Rules
    User Comparison => PFUD and "valid to" role assignments, and other search terms.
    Effect of Keeping User IDs => Why and how to avoid deleting user ID's.
    FORCE PASSWORD CHANGE => Think twice about updating SAP tables.
    ALEREMOTE ID locked by KRNL => Where did a (CaSe-sensitive) password come from and why did it fail?
    DDIC and changing ownership of Jobs => Restricting DDIC access and logging, by restricting it's use.
    Copy User Masters from 4.7 to ECC 6.0 => Old hats, new (easy) tricks and win a round of beers, instead of points
    Profile Parameter: login/password_logon_usergroup => Exceptions, development requests and analzing logon problems.
    Authorizations
    Trace => Contributing to SDN can enable a difference for everyone, depending on the reason code ...
    Security Design => Derived roles, role design and (potential) design errors.
    F110 - S_BTCH_ADM => S_BTCH_ADM vs. S_BTCH_JOB.
    How to securize SE16N => Be carefull with S_DEVELOP authorizations, regardless of S_TCODE.
    Giving authorization for img => Tcodes, activities and projects within SPRO.
    Role and Naming concpets => Important first step with lasting consequences.
    display access for the tcode SCC4 => Tweaking table auth groups with transaction SE54.
    No control over workbench tcode start => The "System => Status and F1 trick"; also see SAP note 1085326.
    Is SU24 only for removing security checks? => What the SU24 indicators are for.
    Effect of "changed' objects during upgrades => The rules of SAP note 113290.
    How to remove SPRO from SAP_ALL profile => The Neverending Story.
    How to create new org.level and further actions? => Reports for converting organizational level fields.
    Granting Authorization Group SC in S_TABU_DIS => New authorization object S_TABU_NAM to access individual tables.
    error while uploading roles from quality to production => Upload roles, or transport them.
    SUIM RSUSR010 does not return completed list of t-code. => Special SUIM reports explained by SAP guru Bernhard Hochreiter.
    Maintaining different values for Accounting Type (KOART) => A little bit of everything in PFCG which you need to know.
    Adding Object Mannully Vs. Adding Object in SU24 for Tranaction => When to use SU24 to make changes.
    Too many duplicate objects coming while adding Tcode through MENU => SU24, PFCG merge option and role design.
    Not add authorization objects that exist in role when adding transaction => Initial installation tuning of SU24.
    Do you give SAP_ALL and SAP_NEW to developer in Dev and QA environtment? => Developer type authorizations.
    Errors occurred during post-handling PRGN_AFTER_IMP_ACTGROUP_ACGR for ACGR => Solutions for profile name collisions.

  • SE16N -- Delete Price Procedure , how to recover

    Dear Expert,
    in the begining,
    I use the SE16N to change the table : VBAK for one sales order
    I changed distribution chanel , and the system always mention that " the price procedure XXXXX is not in the table T683" . So I delete the price prcedure. and save it.
    But I released that price procedure should not be deleted, now how can I recover it back ? in Sales order , it is grey field , no possible to change. Via SE16N , the same message " the price procedure XXXXX is not in the table T683" block me to save .
    BR , Shubin

    Shubin
    Updating transaction values through tables in SE16N is fatal and it can cost your job also at times.
    For this issue, you have to put the old distribution channel. Then the correct pricing procedure will be automatically defaulted without any effort from ur side.Check and let me know if you have any problem.
    I hope you have not done this in Production system

  • How to get idocs in se16n

    When idocs posted sender to receiver system then in the receiver system it shows 53[application document posted] but when we check in se16n there is no idocs? how to resolve this?

    hi saha,
      i had checked VBRK  table and had given billing type as FP.
    Regards
    Dileep
    <<cellphone number forwarded to tele-marketers>>
    Edited by: kishan P on Oct 22, 2010 10:38 AM

  • How to edit entries using se16n?

    I want to change some entries using se16n.:h1 But I don't have the authorization for changing the table entries. Is there any way for me to change the entries in se16n?
    Moderator message: obtain proper authorization, nasty workrounds are not supported here, replies have been rejected.
    Edited by: Thomas Zloch on Mar 16, 2011 2:53 PM

    1. Select nodes to be modified with the JDom XPath class selectSingleNode and selectNodes methods.
    SAXBuilder saxBuilder=new SAXBuilder("org.apache.xerces.parsers.SAXParser");
    org.jdom.Document jdomDocument=saxBuilder.build(new File("c:/input.xml"));
    org.jdom.Element node= (org.jdom.Element)(XPath.selectSingleNode(jdomDocument,"/root/node"));
    2. Modify the node values with the Element class setter methods.
    3. Output document with the XMLOutputer class.

  • How to count number of sales orders generated in a month in SAP SD

    Hi SD Gurus,
    I have a very strange query from client. I have to count the number of sales order created in a month for a z report. For example 30 in Jan, 25 in Feb etc. Could anyone suggest me How to count number of sales orders generated in a month in SAP SD.
    Regards
    Vinod Kumar

    Hi,
    Goto the T.Code "SE16" or "SE16n" or "SE11".
    Enter the table name as VBAK
    Enter the created on date as the starting date of the period and to date as the end date.
    Enter.
    Click on "Number of Entries".It will tell you the number of entries created in a particular period.
    If you want a report,goto the T.Code "VA05n".
    Regards,
    Krishna.

  • How to delete Duplicate records in IT2006

    Dear Experts
    We have a situation like where we have duplicate records with same start and end dates in IT2006. This is because of the incorrect configuration which we have corrected now, but we need to do  a clean-up for the existing duplicate records. Any idea on how to clean it?  I ran report RPTKOK00 to find these duplicates but I could not delete the duplicate/inconsistenct record using report RPTBPC10 or HNZUPTC0, i Could only delete the deductions happened in the record.
    Is there any standard report/any other means of deleting the duplicate records created in IT2006?
    Thanks in advance for all your help.
    Regards
    Vignesh.

    You could probably use se16n to identify the duplicates and create the list of quotas to delete, and you could probably use t-code lsmw to write up a script to delete them, but be aware that you can't delete a Quota if it's been deducted from.
    You'd have to delete the Absence/Attendance first, then delete the Quota, then recreate the Absence/Attendance.

  • How to delete the dat afrom the Ztable in GRP

    Hello Experts,
                             How we can delete the data from the Ztable created by the developer , in the Production server ,please give a brief idea  about it , thanks in advance.

    see this:
    to delete data from z table
    also follow this mentioned by jagadish in above thread:
    start tr. se16n
    type the table name and press ENTER.
    Then type the string "&sap_edit" into the command line and strike Enter
    again.
    enter your selection criteria.
    run.(F8)
    now you can easily delete the lines you want (and then save)
    All Changes are noted in the tables
    SE16N_CD_DATA and
    SE16N_CD_KEY.

  • How to retain leading zeros in module pool screen

    Hi experts,
    I have a ztable field of type NUMC4 being displayed on a module pool screen, the value in the field is '0001', but on the screen it displays value as '1' (without leading zeros), When I save the record, Even in the databse it stores as '1'.
    But I have checked in debugging the field always contains '0001' in the program execution and I have also used 'CONVERSION_EXIT_ALPHA_INPUT' in the PBO but no use.
    Pls suggest.
    Thanks,
    Deepak

    Check the screen attributes for the field. There is an option to show leading zeroes.
    edit.
    And how did you see it was stored a 1 and not 0001? Using SE16N? Mind you: with SE16N conversion-exits are executed automatically thus showing 0001 as 1.
    To make sure: double click on the record in SE16N and look if it's still 1 and not 0001.

  • How can I see the last logon of one user?

    Hi experts!
    I need to check the last logon of one user.
    How can I check that?
    Thanks a lot!

    Hi Carlos,
    You can check the users last logon to SAP from :-
    SE16N - Table USR02
    <b>Last login is TRDAT - Last logon date
                       LTIME -  Last logon time</b>
    Thanks,
    Vinay

  • How to find out list of tables

    how to find out list of tables

    Hi,
    You can check table DD02L via transaction SE16/SE16N.
    Also please check this links.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e944e133-0b01-0010-caa2-be2cb240f657
    http://www.erpgenie.com/abap/tables.htm
    Regards,
    Ferry Lianto

  • How to find out the company code given the customer number

    I am new to SAP please help me out? How do you find out the answer.

    Hi,
    Goto T.Code SE11/Se16/SE16n.
    Key in the table name as KNB1.
    Enter your customer number.
    Execute.
    You will get your company code here.
    Another way is Goto XD02/XD03.
    Enter your customer number.On company code press F4.Enter the customer number and press Enter.A list of company code in which your customer presents will appear.
    Regards,
    Krishna.

  • How can I get the correct Ship To (KNVP-KUNNR2) for a Sales Document?

    I am trying to generate a report that will (among other things) display the Ship To ID and Name for a given Sales Document.  I know the following information:
    VBAK-VBELN - Sales Document
    VBAK-VKORG - Sales Org
    VBAK-VTWEG - Distribution Channel
    VBAK-SPART - Division
    VBAK-KUNNR - Sold To Party
    I know that the table KNVP will return a list of Ship-To Customer numbers (KUNNR2) for a Sold-To Customer (VBAK-KUNNR) if I also filter by VKORG, VTWEG, and SPART (using SE16N).  What I don't know is which one of the returned values is being used in a particular Sales Document.  The customer in question has 29 Ship-To locations.  How do I find out which Partner Counter (KNVP-PARZA) the Sales Document uses? I don't know where that value would come from.  Once I can get the correct Ship-To Customer Number, I should be able to search the table KNA1 by WHERE KUNNR = KNVP-KUNNR2 and return KNA1-NAME1 for the Name of the Ship-To location.

    For a sales document?  Use VBPA with PARVW = 'WE'.  Also, use the ADRDA field to determine whether the address on the document has been manually changed.  In any case, you can use one of the many address management functions or just ADRC directly to get the name, address, etc., using the ADRNR field from VBPA or if the address is from the customer master, KNA1.

  • How to change Pricing date in VF02

    Hi,
    I want to change the Pricing date in the Invoice. I have created the Invoice but still the accounting entries are not posted.
    So now i want to change the Pricing date of the Invoice, how can i change the Pricing date.
    Thank U
    Uwanthi

    Hi,
    Cancel invoice by VF11
    Then again create invoice by VF01 and maintain pricing date on initial screen.
    OR ELSE,
    Go to SE16N in edit mode >> Put table VBRK
    Specify invoice number and execute and change price.
    Kapil

  • How to obtain the pricing condition data from sales data?

    Hi all!  I have googled many times and read through many sites to understand how I can obtain the pricing condition data that's specific to a specific sales line.  However, the answer I got usually are as follow:
    Tables to be used:
    KONV
    KONH
    KONP
    VBRK
    VBRP
    And the thing is to obtain KNUMH data from VBRP and link it to KONP which will get the exact pricing condition data that's relating to the specific transaction.
    However, my challenge is that the field KNUMH in either VBRP or VBAP, it is empty.  Therefore, how can I have a report with my sales data as the primary file, and appending the pricing condition data so that I can analyze the different kinds of pricing condition types that the company is using.  The only field that I can use is KNUMV which does not give me the pricing condition that was used in this particular invoice line.
    I also know that there is the A*** tables, which contains the KNUMH file.  However, this file is split into many different tables.  Thus, is there a more efficient method to download all the data?  In any case, I still do not know how to link to my sales data.
    FYI, I only have SE16N and VK13's access.
    I hope that someone can help me, please!
    Thank you!

    Hi,
    Data flow :
    BW :
    When u right click on the Master Data Info object -> Select Data flow.Then  it will  show u the details like DS name,IS (If 3.x)
    Once u know the DS then you need to find out the source tables for the R/3 DS.This information will get using ROOSOURCE or ROOSFIELD tables  or help.sap.com.
    My suggestion better to search in Help site for DS source tables.
    DS Tables :
    The following link will provide you the source tables for some of the LO DS.
    https://wiki.sdn.sap.com/wiki/display/BI/BWSDMMFIDATASOURCES
    Regards
    Ram.
    Edited by: Ramakanth Deepak Gandepalli on Dec 22, 2009 9:29 AM

Maybe you are looking for

  • Illustrator CC custom fit print doesn't work

    This is a serious workflow disruption: In CSx I could open any file, choose a print preset, click on 'custom' for Media Size and it would automatically adjust the print width and height to whatever the artwork boundaries were (Ignore Artboards ✓'d).

  • Conversion from String to int..NumberFormatException??

    Hey all I am trying to read in a file that has nothing but numbers listed one per line. I am using the bufferedReader class and reading in by line. When I check to see if the one 'string' is the same as another, it says they are the same, when really

  • Can I use both iPhoto and Aperture on the same library?

    I like some of the features of iPhoto (like faces and places) but prefer to work in Aperture for its rich tool content. Is there any way I can use both iPhoto and Aperture on the same library? Or, import images from Aperture into iPhoto? Thanks much!

  • Moving bought tv shows to new macbook

    just bought a new macbook! loving it! ok, now i had bought some tv shows on my old pc. and since i found out that you can't save to tv shows that you bought onto a cd, how am i supposed to put them on my new mb so that i can put them on my video ipod

  • Back order reprocessing

    HI gurus, I accidentally did backorder processing for an order with T code V_RA.But i now want to reverse the transaction which is already processed.. help needed immediately!!! Maximum pts will be rewarded if reply comes within the next FIFTEEN MIN>