05-05-2009 10:13 PM
Hi experts,
We are maintaining auth obj for all tcodes in SU24. We have turned on some auth objects that were not proposed (PROPOSAL -NO) by SAP by default. But there are some objects that are missing in SU24 for some SAP delivered tcodes.
For ex. We have ME21n( create PO) which is checking for F_FMMD_MES. this is based on the trace results (ST01).
But when we check in SU24, it has several other FM auth object but this particular object is missing.
Can we add this object in SU24 and maintain it?
Is it a good practice to add auth object in SU24 for SAP delivered tcodes?
Please let me know
Thanks
Kee
05-05-2009 11:08 PM
> Is it a good practice to add auth object in SU24 for SAP delivered tcodes?
It is a good practice to report it to SAP, their them to add to the standard.
If it is a special customizing dependent object, which you have activated and others are not normally expected to be bothered by via having to investigate it or grant * auths for because they dont think that they use it... then add it to Su24.
SU24 is the proposals of your own authorization concept. It belongs to you.
Cheers,
Julius
05-06-2009 3:36 PM
> > Is it a good practice to add auth object in SU24 for SAP delivered tcodes?
> It is a good practice to report it to SAP, their them to add to the standard.
I agree. Also please make sure that you performed the testing correctly while tracing through ST01. Because, if you checked something which is pulled by some other TCode (which is not required for this test and present in roles without your observation).
Regards,
Dipanjan