Skip to Content
Oct 26, 2006 at 02:05 PM

Gung Ho security team vs Debug with replace in development


Hi fellow developers. I'm trying to talk our security team off the ledge and I want to conduct an informal poll regarding the responsible use of debug with replace in a DEVELOPMENT environment. For the newer developers.. replace is much more powerful in debugging because you can change the values of variables and some system fields like sy-subrc which makes it very powerful.

Our development environment is setup as follows:

Client 300, ABAP Development \config. We promote to QA, and Prod from here but can't unit test because no data allowed. Debug with NO replace allowed here.

Client 320 Unit testing, debug with replace is allowed.

both of these clients are on the same instance, same sid so they share client independent information.

Our security team claims that it's a security risk to allow debug with replace in our Client 300 because someone could change a security profile or something like that. Here's my question...

Are you authorized to debug with replace in your development environment and if not, what's the reason you were given? I'm looking for arguments one way or the other to use as precedent for a meeting.

Your prompt response is appreciated.