By using su24 we maintain the authorization objects that
needs to pulled or checked when adding in the menu of a
role.
when you change the Flag indicators to yes or No,the
corresponding authorization object will be Pulled in or
Pushed out of a role.
Thats not what i have asked Guru. I am aware of what is su24
used for. My question is different. You have told about
Proposal filed. I need for Check indicator field.
Whenever user executes any t-code, the AUTHORITY-CHECK
statements in ABAP program or report checks authorization
objects against its values for that particular user. But
these authorization objects are left unchecked if the value
against them is set to "Do not check" under Check indicator
field in SU24,even if they are coded in program. So it is
this value that decides whether to check any authorization
object or not.
Thanks Ruchika, the above quoted answer is in scope of my
knowledge. But i am looking for the technical process which
skips the auth-check for an object which is marked Yes from
No in Auth Check column in su24.
su24 displays the value of usobx_c and usobt_c of the tables. And whenever you change to yes to the particular object that will appear in the authorization maintainence screen and if no you will not be able to see the particular object in the authorization object.
Please could you read the question once again guys. I need
technical rreason how this change makes impace in
background process. Adding more to ur response, you have
told about proposal column, i want to know about check
indicator column, how it impacts the auth-check when we
change it from yes to no.
N = Do not check; X = Always check; Y = Check + USOBT entry
The flag indicates how the system is to deal with the
authorization object (new mode) for an authorization check.
Value 'N' Authorization object is not checked when the
transaction is called.
Value 'Y' Authorization object is checked when the
transaction is called. The values for the fields of the
authorization object must also be maintained in table USOBT
for the profile generator.
Value 'X' Authorization object is checked, but the field
values are not specified in table USOBT for the profile
generator.
Value (SPACE) A valid flag ('N', 'X', or 'Y') has not yet
been assigned to the authorization object.
when ever the T-Code is assigned/added to role
it is going to pullout the authorization objects which are
maintained as Yes in SU24.
for your query if you set the value of the object from "No"
to "yes" then the object will be pulledout and you can
maintain the values in PFCG, when you add this T-Code to
any Role.
if you change the value of the object from "Yes" to "No"
the authorization objects will not be pulledout.
No -> yes
changed auth. objects 'are now included in the affected
roles.if any field does not have a value in the role, then
authority check for the user will fail.
Yes -> No
changed auth. objects are now removed from the affected
roles. there will be no failure of authority check.
how we Restrict the auth groups for table maintain, creating
Auth group using SE54 to built new Auth groups to restrict
tables via auth object S_TABU_DIS
This is in continuataion to the previous question.
a user is assigned with tcode SA38.how to restrict him to
execute only a few reports,say rsusr003.If you're going to
modify the role(having sa38) assigned to the user,that will
affect other users also because that role might be assigned
to multiple users.I don' want that to happen.so what is the
solution?
Did you received any Funny E-Mails from your Friends and like to share with rest of our friends? Yeah!! you can post that stuff 
Site Map
