In today’s knowhow post, I will show you ways around the authorization system in SAP ERP. Using these hints, you will be able to execute SAP transactions without the authorization to do it.
Disclaimer: Circumventing the authorization concept of your SAP system is a bad thing, and if you get caught you might be punished by your boss and/or system administrator. Do not use these tricks in a production SAP system!
Whenever we encounter that pesky „You are not authorized to use transaction XYZ“ in an SAP system, it usually blocks or workflow. Quite often we are developers in need of some tool that the SAP Basis admin has unknowingly blocked for us.
However, there are ways around the SAP authorization system, and I will show you some of them in this blog post.
Method 1: Call Transactions Without Authorization in SAP via Function Module AUTH_CHECK_TCODE
The function module AUTH_CHECK_TCODE is used by many transactions to verify the validity of a transaction execution. If we have debugging rights on the SAP system of our choice, we can make use of this. Follow these steps:
- Open transaction SE37 or SE80 and enter the function module AUTH_CHECK_TCODE.
- Find the following line of code, and set a breakpoint right at it.
IF sy-subrc = 0.
- In a new session, execute the transaction code you want to open again. You will be placed in the debugger. Change the value from 4 to 0.
- Press F8 and you should be in the transaction of your choice!
Method 2: Execute a SAP transaction without authorization by running its program directly
Moreover, if the above possibility does not work (the function module does not run always), you can try to execute the program directly. If the transaction you want to execute is a Report Transaction, this will work nicely. Execute the following steps.
- Open transaction SE16 or SE16N.
- Display the SAP table TSTC and enter the transaction code you want to execute.
- Check if the field „PGMNA“ has an entry. If it does, you can continue with step 4.
- Go to transaction SE38 and insert the program name taken from the PGMNA field of table TSTC. Click „execute“ or press F8.
- You are now in the report you wanted to open! This works well e.g. for transaction SCOT.
Method 3: Use SAP Function Modules or SAP Programs that call Transactions without authorization checks
If none of the above worked and you have access to SE37, SE38, SE80 or SE84, you can try the following programs and/or function modules. All of these basically execute CALL TRANSACTION without authorization checks, so you will get to the transaction you want. Here is the list.
- Program RSDEMO04
- Function Module RS_HDSYS_CALL_TC_VARIANT
- Function Module C160_TRANSACTION_CALL
- Function Module TRANSACTION_CALL
Summing up, I hope one of these methods will help you in SAP to execute a transaction without authorization to do so. Please remember to not do anything disallowed with it.