2.1, Direct program invocation “Transactions are nothing but a convenient way to execute programs, optionally passing parameters along, Let's check via SE93, what exactly is behind SE16 and SM30 (check the other ones yourself): © SE16 calls SAPLSETB, which i a function pool (» function pools ae not crecty executable) © SEIGN executes the report RK_SEIGN (» executable) © S30 and SM31 call SAPMSVMA ~ a module pool (» not directly executable; almost * ) ‘This means, removing SEL6N from $_TCODE, but allowing for instance SA38 or SHARE REPORT does not necessarily prevent direct table access. ts not a big deal, since table authorizations are checked as usual. bt keep in mind: removing the tcodes from 'S_TCODE has a limited effect unless you also take care of §_ TABU *, S PROGRAM and S_ DEVELOP (check SAP Note 1012066 for the last one)! (9 Direct module pool execution is possible through a strange speciality in SE38: if madule pool name is entered in the first screen and then executed, SAP internally searches for tcodes using the same program ("SELECT * FROM tstc WHERE pomna = ") and arbitrarily executes the first one! This is done in class CL_WB_PGEDITOR, method EXECUTE,