Skip to Content
author's profile photo Former Member
Former Member

' ' Entries in SU53's

Can anyonre provide more information as to why in a lot of our SU53's we have these entries

' '

(two single quotation marks)?

This in is HR Authorizations and can occur in Org Key, Pers Num, or anything else under P_ORGIN or PLOG auth object. Can anyone explain what they mean? We do not add them in because it appears to give a lot more access than required.

Thanks.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Posted on Jan 15, 2009 at 07:32 PM

    They are dummy values. You can add them to authorizations without any risk, they do not override other authorizations if that's what you fear.

    If you search the forum for 'dummy' you'll probabely find more info.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 15, 2009 at 08:48 PM

    Searching for "DUMMY" will lead you to this thread eventually =>

    Im my opinion, it does not make sense to supply a "dummy value" (like "asdf" or " " (2 spaces) to satisfy the check because the coding is indicating that there must be something (which is real intended authorization value), but at the point where this "safety-check" (or sanity-check) is performed (often "upfront") the system does not care yet what the user can actually do. But they must be able to do something "real" in the transaction.

    The same can be used for a "space" (please compare the ABAP keyword documentation for "DUMMY" and "SPACE" statements) to satisfy the DUMMY check, but it is (perhaps unfortunately) used as well in the coding to permit the start of certain transactions without giving the user the ability to use an important part of it.

    As far as I am concerned, these SPACE checks are antiquated and confusing, and should be eliminated. If the application functions make the correct checks dependent on the behaviour of the user, I dont see the need for such "spaced out" checks..

    A correct "DUMMY" should be sufficient upfront, and if the checks are complex, then there are plenty of ABAP techniques to do it in a better way.

    My 2 cents,

    Julius

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 15, 2009 at 09:40 PM

    I fully agree. They're only complicating the matter. Either you have authorization or you don't. If you do, provide a value on that authorization not empty space.

    In searching for "Dummy" I found this explanation:

    Some auth. objects fields may have dummy values which means auth field is not used to perform any check & so is not initialised

    That is not good. Why put an auth field in if it's not being used. Why let it pass an authorization check (which is exactly what it does).

    I have no fears it will overwrite access, my fear was that it opens up access and those fears were confirmed. Upon removing the "dummy" quotes the access was again restricting as it should. That is why I posted here. It DID give access, it skipped some authorization checks. It gave more access than was requested.

    I guess since no solid explanation is given I will just ignore the SU53's that call for it.

    Appreciate the input everyone.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Lara,

      If you have read the ABAP documentation for the Authority-Check statement you would have read that the dummy statement is used to "suppress unnecessary authorization checks or to carry out checks before the user has entered all the values".

      If the user while executing the tcode has left the field blank then it would pass the authority-check as long as he has the authorization for ' ' (single quotes) for this field in the authorization object. However if the user has entered a real value which does not correspond to the authorization field values the check would fail.

      I am just copy pasting the example from the ABAP documentation which explains in very simple terms how this works:

      Object: M_EINF_WRK

      ACTVT 01-03 , WERKS 0001-0003.

      With this authorization user can display and change plants within the Purchasing and Materials Management areas.

      Such a user would thus pass the checks

      AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

      ID 'WERKS' FIELD '0002'

      ID 'ACTVT' FIELD '02'.

      AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

      ID 'WERKS' DUMMY

      ID 'ACTVT' FIELD '01':

      but would fail the check

      AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

      ID 'WERKS' FIELD '0005'

      ID 'ACTVT' FIELD '04'.

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.