Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S_DEVELOP Missing debug authorization

Former Member

‎03-10-2011 2:29 PM

0 Kudos

Hi,

i just found that in our prod env. for bw for all developers we have S_DEVELOP authorization with all activities (*).

i just need to provide them debug access in prd without having access to change the values while debugging.

i see all the activities for S_DEVELOP but not sure what all of them does and why its been given *. can some one explain me all the activities and explain which one should be given ? also, should there be any restriction on DEVCLASS, OBJNAME, OBJTYPE, P_GROUP etc. coz all of them are having * value.

01 - create or generate

02 - change

03 - display

06 - delete

07 - activate, generate

16 - execute

40 - create in DB

41-delete in DB

42 - convert to DB

70 - administer

90 - override

L0 - all function

MA - Deactivate mod. assistant

Thank Y

7 REPLIES 7

Former Member

‎03-10-2011 2:32 PM

0 Kudos

Hi!

just give them

ACTVT 02

and

OBJTYPE DEBUG

have fun

Flo

Former Member
In response to Former Member

‎03-10-2011 2:33 PM

0 Kudos

sorry...

for sure in S_DEVELOP

ACTVT must be 03

have fun

FLo

Former Member
In response to Former Member

‎03-10-2011 3:30 PM

0 Kudos

thank you for response florine -

i want to give them debug access but they should not be able to change the values in prod while debugging.

activity 02 is change...

Thanks,

Keral

Former Member
In response to Former Member

‎03-10-2011 3:33 PM

0 Kudos

Hi!

yes please see my second respone...

you are absolutely right,

ACTVT must be 03!!!!

have fun

FLo

Former Member
In response to Former Member

‎03-10-2011 5:00 PM

0 Kudos

If I give 03 and 16 - they still have problem cannt debug.

so i think i have to give them 01, 03, 16

right ?

do u have specification for other activities ? what r they for ?

mvoros
Active Contributor
In response to Former Member

‎03-10-2011 7:37 PM

0 Kudos

Hi,

all relevant activities for DEBUG are described in documentation for S_DEVELOP which can be accessed from SU21. There is also note 65968.

Cheers

Former Member

‎03-10-2011 9:17 PM

0 Kudos

Probably this comes from the role SAP_BW_DEVELOPER which is a piece of **** (sorry).

All aspects (even display debugging) is critical.

Try to remove all S_DEVELOP authorization and show them some of the blogs on SDN about transaction SE14 and debugging process chains.

What you need to give them in return is an emergency user concept for when them within the BW (not the target system for the extraction) need to be able to use database utilities.

9 times out of 10 there are better solutions, which they will find by necessity if their access is removed.

They will then either improve their coding quality or start building in backdoors (changing ALEREMOTE or BWREMOTE to a service or dialog user and claiming that it cannot work without SAP_ALL and SAP_NEW (also stupid) is one such trick).

Sorry for the rant. It was spontaneous and honest

Cheers,

Julius