RE: [sap-security] Authorization Object not validated at execution time
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by Dave Thornburgh (SAP JOAT) on May 6 at 3:13 PM |  Mark as helpful |
It's actually more wrong than that, HM.
Normal transaction execution NEVER checks the value in the role (as created in PFCG) against the values maintained as defaults in SU24. The only thing that normally looks at the SU24 values is PFCG itself.
Dave
From: henrikmadsen2 via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Thursday, May 06, 2010 2:01 AM
To: Dave Thornburgh
Subject: Re: [sap-security] Authorization Object not validated at execution time
Posted by henrikmadsen2 (GRC Consultant )
on May 6 at 5:03 AM Mark as helpful
No, that is not quite true... If there is no code in the program, the object
isn't checked. It's not always the case, but more often than not...
On 6 May 2010 18:44, Chuma Chukwudozie via sap-security <
sap-security@groups.ittoolbox.com> wrote:
> Posted by Chuma Chukwudozie(SAP Security & Authorization/ mySAP ERP HCM solution Consultant)
> on May 6 at 4:45 AM
> hi like Sonia said,
>
> you have to set the object indicatior to CM(Check Maintain).
>
> that way, when you run the associated transaction, the system checks the
> values on the object in PFCG, against what was maintained in SU24.
>
> chumy
>
> ---------------Original Message---------------
> From: LouisLau
> Sent: Wednesday, May 05, 2010 6:22 PM
> Subject: Authorization Object not validated at execution time
>
> > Hello all,
> >
> > With transaction SU24, I change the Check Indicator for transaction CJI3,
> Object K_REPO_OPA to 'Check' and Proposal to 'YS'; the values are populated
> correctly in PFCG. However, the Object K_REPO_OPA is not validated at
> execution time. What do I have to do to activate the check?
> >
> > Thank you in advance,
> > Louis
__.____._ Normal transaction execution NEVER checks the value in the role (as created in PFCG) against the values maintained as defaults in SU24. The only thing that normally looks at the SU24 values is PFCG itself.
Dave
From: henrikmadsen2 via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Thursday, May 06, 2010 2:01 AM
To: Dave Thornburgh
Subject: Re: [sap-security] Authorization Object not validated at execution time
Posted by henrikmadsen2 (GRC Consultant )
on May 6 at 5:03 AM Mark as helpful
No, that is not quite true... If there is no code in the program, the object
isn't checked. It's not always the case, but more often than not...
On 6 May 2010 18:44, Chuma Chukwudozie via sap-security <
sap-security@groups.ittoolbox.com> wrote:
> Posted by Chuma Chukwudozie(SAP Security & Authorization/ mySAP ERP HCM solution Consultant)
> on May 6 at 4:45 AM
> hi like Sonia said,
>
> you have to set the object indicatior to CM(Check Maintain).
>
> that way, when you run the associated transaction, the system checks the
> values on the object in PFCG, against what was maintained in SU24.
>
> chumy
>
> ---------------Original Message---------------
> From: LouisLau
> Sent: Wednesday, May 05, 2010 6:22 PM
> Subject: Authorization Object not validated at execution time
>
> > Hello all,
> >
> > With transaction SU24, I change the Check Indicator for transaction CJI3,
> Object K_REPO_OPA to 'Check' and Proposal to 'YS'; the values are populated
> correctly in PFCG. However, the Object K_REPO_OPA is not validated at
> execution time. What do I have to do to activate the check?
> >
> > Thank you in advance,
> > Louis
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Dave ThornburghSAP Security Enthusiast
Contributed 100 posts in a group to earn a Bronze Achievement
Related Content
In the Spotlight
White Papers
In the Spotlight
Your SAP Security is at Risk...Learn How to Stay Protected. Read the free white paper from SenSage
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
_.____.__ 
