Hello folks,

I have a general question on SU24 because I'm a newbie at SAP Security :-). When I was at ADM940 some weeks ago I was told that SU24 only actuates how PFCG acts when creating a new role (suggestions) and there is no action on how the programms check the authority objects. Some other folks told me that the Check Indicator actuates how the object is checked when accessing the affected transaction.

As far as I know the authority check in SAP works like this:

- Kernel checks for S_TCODE xy

- Kernel checks tab TSTCA for additional objects to be needed

- If there's an authority check in the programm, the coded check will be done on the affected object

Could anyone please tell me what exactly is affected by changing the Check Indicator from for example "Do not Check" to "Check". Maybe there was a misunderstanding

Thanks in advance, have a nice weekend!