To use SU24 or to not use SU24 that is the question
Can i get the opinion from a few seasoned SAP Security Engineers about using SU24. Over my experience I have not maintained SU24 considering this is mostly overhead that would need to be maintained and documented over time. A mature role library does not require much maintenance and we find that transactions are authorized differently depending on the user/role being assigned the transaction. However, I believe for items such as Movement Type and Classification Type SU24 can be very valuable for maintaining corporate standards.
Basically I am looking for arguments for the use and arguments against the use so I can make a educated decision as to whether implement or not implement.
Julius von dem Bussche replied
> Michael Mease wrote:
> Over my experience I have not maintained SU24 considering this is mostly overhead that would need to be maintained and documented over time. A mature role library does not require much maintenance and we find that transactions are authorized differently depending on the user/role being assigned the transaction.
It starts off like that, or looking as if it will remain like that when changes are required or upgrades need to be "processed"...
> However, I believe for items such as Movement Type and Classification Type SU24 can be very valuable for maintaining corporate standards.
I am sure you will find a few more.
> Basically I am looking for arguments for the use and arguments against the use so I can make a educated decision as to whether implement or not implement.
I wrote a blog on this a while back together with someone I met here ( see How to get hit by the ABAP authorizations bus, and survive to tell the tale - Part 1 ) and was recently reminded that Part II is overdue... it is almost finished.
Cheers,
Julius