02-16-2012 11:53 AM
As discussed in previous threads the following was indicated wrt auth/object_disabling_active:
The auth/object_disabling_active parameter is a prerequisite for globally deactivating checks on individual authorisation objects.
If the paramter is set to "Y", the disabling of checking of authorisation objects globally through transaction u201CAUTH_SWITCH_OBJECTSu201D is not prevented.
My question:
What is the risk associated, if the transaction AUTH_SWITCH_OBJECTS is not contained within any role or assigned to any user including the authorisations team? Due to this transaction not being assigned or even in existence within our productive environment, no auth object has been disabled from auth relevancy.
Thank you!
02-16-2012 12:16 PM
Even auth_switch_objects on it's own is not enough.
But if there is no intention to turn objects off globally and none are turned off then it cannot harm much to turn it off, no?
Some folks got a bit nervous when transaction SU24_CHECK flew up, but that has been deactivated and I am not aware of any other dark horses which globally disable checks client specifically (except of course the usual table editing tools....).
Cheers,
Julius