Skip to Content
Apr 07, 2015 at 10:57 AM

OOSP: Structural authorization profiles editable in production!?!


Hello everyone,

with great surprise I just noticed that OOSP (the transaction for defining structural authorizations) allows edit mode in our production system. This is undesirable, seeing that all changes to our profiles should be transported.

The underlying tables, T77PR and T77PQ, are delivery class "C" (Customizing), so basically, they should require a transport request and not be directly editable in any system but development. A consultant pointed me towards the fact that these tables are defined as "current settings" tables which allegedly allows to circumvent the basic fact that delivery class "C"-tables cannot be edited in the subsequent systems. However, it is not possible to edit OOSP in our test system, but it is possible in production?! That does not appear to make any sense to me, so my feeling is we still have some setting wrong in our production system. However, on our production system no changes are allowed in transaction SCC4. So where else should I look for the cause?

The consultant suggested removing the table from the list of "current settings" tables, but if I do so, the system asks me for an object registration key, so obviously this would be a modification, and I am having a hard time believing that disallowing direct changes to structural auth profiles on production requires a modification when it is no problem disallowing them on the test system?

(We have a 3-layer system architecture: development system -> test system -> production system.)

Thank you in advance,