Application Development Discussions

Gung Ho security team vs Debug with replace in development

dan_scheck
Explorer
0 Kudos

Hi fellow developers. I'm trying to talk our security team off the ledge and I want to conduct an informal poll regarding the responsible use of debug with replace in a DEVELOPMENT environment. For the newer developers: replace is much more powerful in debugging because you can change the values of variables and some system fields like sy-subrc, which makes it very powerful.

Our development environment is set up as follows:

Client 300, ABAP Development \config. We promote to QA and Prod from here but can't unit test because no data is allowed. Debug with NO replace allowed here.

Client 320 Unit testing, debug with replace is allowed.

Both of these clients are on the same instance, same SID, so they share client-independent information.

Our security team claims that it's a security risk to allow debug with replace in our Client 300 because someone could change a security profile or something like that. Here's my question...

Are you authorized to debug with replace in your development environment and if not, what's the reason you were given? I'm looking for arguments one way or the other to use as precedent for a meeting.

Your prompt response is appreciated.

Dan

1 ACCEPTED SOLUTION

Former Member
0 Kudos

I've worked at approx 20 clients and have ALWAYS had the ability to replace while debugging in development environments.

In my opinion, it's particularly critical when debugging SAP standard code.

3 REPLIES 3

former_member181962
Active Contributor
0 Kudos

Hi Dan,

We ARE given the authorization for replace in debugging.

I don't think it is such a big security risk that someone would try to change sensitive information, because those transactions would have authorization checks anyway. You can handle the authorizations to users for transactions using roles.

Regards,

ravi

Former Member
0 Kudos

Hi

I think the option can be dangerous in a QA or PROD system because you can skip some controls and change data that normally can't be changed.

A classic example is transaction SE16: by debugging you can directly change the data of most tables.

But I don't believe it can be a risk in a development system; in this environment the developer should have no limits, otherwise working and testing can become very hard.

Max