Skip to Content
avatar image
Former Member

auth/no_check_in_some_cases set to N?

Good Morning,

I am having a little trouble with finding out if this authorization object should be set to "N" or "Y". Here is the explanation in the AS_ABAP security guide from SAP:

Setting Up Role Maintenance

You must first configure the system so that you can use the role maintenance function in the

Profile Generator tool. To do this, perform the following steps: ...

1. Set the profile parameter auth/no_check_in_some_cases to the value Y.

2. Execute transaction SU25.

The transaction Profile Generator: Upgrade and First Installation (SU25) copies the proposals for

check indicators and authorization field values delivered by SAP to the customer tables, which

you can then change.

You can then use the role maintenance functions and the Profile Generator to manage the

authorization information for your users.

Is this for Development since that is where you do role maintenance? Should this be set to N in Production? I am having trouble getting to notes right now and I have read about note 416016 but have not read it yet. By setting this to N will it not do any authorization checks? or will it just not bring items in from SU24/SU25 (USOBT_C) when generating a profile (which should not be done in PRD anyway).

Thanks in advance for any assistance.

Kind Regards,


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Dec 05, 2008 at 02:29 PM

    It will prevent the system from using "no check" indicators.

    It is sometimes the case that transactions or functions are re-used with certain parameters (otherwise you would need to code the whole lot redundantly again...) but it might not be desirable that the user be able to start the transaction directly, maintain all the initial screen values themselves... or be able to complete the function unless it is from a specific calling context which you can control and want the user to be able to use it in those cases.

    So it is possible to skip some of the checks but only IF the calling transaction has been setup for it - i.e. maintained in SU24 with a no check indicator, or disabling the check in SE97.

    Can be very usefull, but also a bit dangerous if used carelessly.



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member


      Thanks you for your assistance. This does help clear things up. I do understand SU24 and what/how it is used... I was just having trouble grasping the use of that profile parameter.

      Thank you again for your assistnace.