Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TIP: Changing entries directly in any SAP table

Go to solution
former_member583013
Active Contributor

‎10-15-2009 3:59 PM

0 Kudos

Use transaction SE16N -> Enter the table name and press enter to read the fields in.

Then type &SAP_EDIT in the transaction area (as a function code) and hit enter. A success message displays saying "SAP Editing function is activated".

You can now execute the report and you can edit any field except the key fields.

Use with caution!!!

This is a replacement of the blog at [/people/kevin.wilson2/blog/2009/09/29/tip-editing-any-table-in-sap|/people/kevin.wilson2/blog/2009/09/29/tip-editing-any-table-in-sap] which has stirred so many great discussion points on security.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎10-15-2009 8:39 PM

0 Kudos

This topic is much the same as the "I hid my ABAP code using a string and now cannot get it back" series, which pops up every now and again since years as well...

With the correct controls in place it does not happen!

> ... edit any field except the key fields.

This is not true.

If you are authorized to use the transaction in the way you have described (which makes a very vicious authority-check on the ability to debug SAP system programs in change mode) then you can also change the key fields in the select statement.

This is nothing new or fancy. The difference is that any fresher with SAP_ALL now has a user friendly push button tool to do the same. They don't have to actually be skilled or trained to use their authorizations anymore...

Anyone who gets overly exited about this and does not contain their user's authorizations appropriately to match their skills and trust you have in them, is being silly in my opinion.

SE16N is a fantastic transaction, if you have the correct authorizations to use it responsibly.

Cheers,

Julius

11 REPLIES 11

Go to solution
Former Member

‎10-15-2009 5:22 PM

0 Kudos

What exactly do you mean by "Use with caution?"

What exactly do you mean by "Tip?"

Rob

Go to solution
former_member583013
Active Contributor
In response to Former Member

‎10-15-2009 10:54 PM

0 Kudos

Rob,

You can check the blog [/people/kevin.wilson2/blog/2009/10/15/editing-tables-using-se16n-and-the-security-implications |/people/kevin.wilson2/blog/2009/10/15/editing-tables-using-se16n-and-the-security-implications]for the details of CAUTION!!!

As for a TIP, the definition is "an indication of a potential opportunity" i.e. Something that may be beneficial to someone else.

Go well

Go to solution
Former Member

‎10-15-2009 8:39 PM

0 Kudos

This topic is much the same as the "I hid my ABAP code using a string and now cannot get it back" series, which pops up every now and again since years as well...

With the correct controls in place it does not happen!

> ... edit any field except the key fields.

This is not true.

If you are authorized to use the transaction in the way you have described (which makes a very vicious authority-check on the ability to debug SAP system programs in change mode) then you can also change the key fields in the select statement.

This is nothing new or fancy. The difference is that any fresher with SAP_ALL now has a user friendly push button tool to do the same. They don't have to actually be skilled or trained to use their authorizations anymore...

Anyone who gets overly exited about this and does not contain their user's authorizations appropriately to match their skills and trust you have in them, is being silly in my opinion.

SE16N is a fantastic transaction, if you have the correct authorizations to use it responsibly.

Cheers,

Julius

Go to solution
former_member156446
Active Contributor

‎10-16-2009 1:10 AM

0 Kudos

That was a nice tip, apart from security and all.. it would help for Ztable data as you mentioned.

Go to solution
Former Member
In response to former_member156446

‎10-16-2009 10:57 AM

0 Kudos

> 

> ... it would help for Ztable data as you mentioned.

In that case one could argue that the authority-checks are both too strict (for the system debugger) and not granular enough (for the replace function in the ABAP debugger).

Reason: For the package and the object name, the system is checking against a DUMMY element on all 3 activities used by the command. This is the equivalent of "anything which is something" in the ABAP world. If you call it programatically, then only the ability to display something in the debugger is sufficient to change everything...

So, if you have access to execute ABAP workbench objects combined with the ability to debug a Smartform, then you can change any database table which you could prior also have displayed.

OR

Don't give anyone any debug authority in production at all.

Works like a charm and the developers eventually start testing their programs more in DEV and QAS and taking collective responsibility for the quality of the coding in the first place...

Cheers and enjoy the weekend (hopefully without having to be called in the middle of the night to debug some program which won't execute, or debug a table because the program did execute...

Julius

Go to solution
andrea_olivieri
Contributor

‎10-16-2009 9:27 AM

0 Kudos

Hello Kewin,

If you search for SAP notes with the keyword SE16N and primary component CO-OM, it seems that this transaction and the authorizations implications are well documented.

However in my opinion, in your blog you missed that the SE16N transaction was designed to update only the customizing or system tables which cannot be updated through IMG or SM30 (without maintenance dialogue).

Regards,

Andrea

Go to solution
uli_bhm
Discoverer

‎12-07-2009 10:38 AM

0 Kudos

CRM 2007 doesn't provide SE16N as well as function module SE16N_INTERFACE.

You have to do it "old school" there (SE16, detail view, debugging, change variable CODE to EDIT instead of DISP)

Go to solution
Former Member

‎12-08-2009 5:41 AM

0 Kudos

Hi Kevin,

I had deleted some records from a standard table arround 1 year back while I was doing like this.

With very difficulty we managed to revert that deletion.

I advice each of you not to use these TIPS.

Regards,

Yashwin

Go to solution
Former Member
In response to Former Member

‎12-08-2009 9:08 AM

0 Kudos

Hi Kevin

SAP CRM 2007 System has removed this Transaction Code (SE16N) and it is not available any more in the system. Also SAP NetWeaver Trial Version has removed this transaction code.

As this is a major security breach i guess it's been removed from the system. So, we shouldn't use it modify any values.

Hope this helps.

Thanks,

Samantak.

Go to solution
Former Member
In response to Former Member

‎12-08-2009 10:43 AM

0 Kudos

One could be lured into thinking that, but it is not true.

SE16N is a part of the SAP_APPL components and not SAP_BASIS. So you first need to configure the ERP Controlling module before you can use it to modify SAP tables...

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎12-08-2009 1:59 PM

0 Kudos

> 

> Hi Kevin,
> 
> I had deleted some records from a standard table arround 1 year back while I was doing like this.
> With very difficulty we managed to revert that deletion.
> 
> I advice each of you not to use these TIPS.
> 
> Regards,
> Yashwin

That would be the best "tip" in this thread.

Rob