Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

regarding open authorizations

Former Member

‎12-21-2008 1:28 AM

0 Kudos

Gurus,

Is it any harm in keeping open authorization that is one of empty value to the fields for an object, moving that role to production and assigning it to end users. Please clarify this.

Thanks

9 REPLIES 9

Former Member

‎12-21-2008 4:14 AM

0 Kudos

Hi,

Frankly speaking I would want to see all my traffic signals green by entering the values or by deactivating unnecessary objects. If you can deactivate your object then it is a better proposal rather than leaving it open.

Anyways, I dont think there is any risk in leaving an authorization open as you can still generate the role and assign it to the user.

Former Member

‎12-22-2008 6:36 AM

0 Kudos

Hi,

There is no harm in having open authorizations but this is authorization of no use as it is equivalent to not including that auth.

Former Member

‎12-22-2008 9:28 AM

0 Kudos

Of course it will make your role overview ugly and you will have less (almost no) ability to spot a role which is incomplete (incorrectly so).

Rather disable the authorization if you don't want it. If you never want it, change the SU24 indicators to "Check".

Cheers,

Julius

sreekanth_sunkara
Active Participant
In response to Former Member

‎12-23-2008 3:04 PM

0 Kudos

Hi,

what happens if you put "?" (question mark) instead of leaving that field empty.

because i was told by some one to put "?" if you don't want to give them access.

In one company i saw that they kept "?" in Org Values, because they don't want to give full access or any access.

thanks,

Sun

Former Member

‎12-22-2008 3:16 PM

0 Kudos

Julius,

We want the authorization object. It is just that we do not want one field in it. I think it is better that we eliminate that particular field value for that authorization object. What do you guys suggest.

Thanks

Former Member
In response to Former Member

‎12-22-2008 3:26 PM

0 Kudos

Can u elaborate your requirement by mentioning the object and the field....As mentioned earlier there is no rsik as such in keeping the object open.

Former Member

‎12-22-2008 4:13 PM

0 Kudos

The name of the object is c_apo_sel3 and the field name is name of dp and snp planning area

Former Member
In response to Former Member

‎12-23-2008 6:30 AM

0 Kudos

These are APO authorization objects.

Have you checked if the object C_APO_SEL2 is still in the role, if yes then C_APO_SEL3 may not be required. C_APO_SEL2 is an obsolete object.

I would assume if the users are able to function normally as per their requirements then you may leave them open. There is no setting to deactivate the field within a role unless you alter the standard object altogether which is not recommended.

To ensure that there fields are not checked you can run trace and find when the object is called what are the fields being checked.

However trace can also not be hundred percent reliable

sreekanth_sunkara
Active Participant
In response to Former Member

‎12-23-2008 3:03 PM

0 Kudos

Hi,

what happens if you put "?" (question mark) instead of leaving that field empty.

because i was told by some one to put "?" if you don't want to give them access.

In one company i saw that they kept "?" in Org Values, because they don't want to give full access or any access.

thanks,

Sun