02-25-2009 11:02 PM
What is the best practice for security around custom transactions? Should I ask the developers to include the authority-check as part of the code? Should I always add auth objects in SU24 for all custom transactions? What else should be done in terms of securing custom transactions?
Thanks,
Bliss
02-26-2009 2:57 AM
Hi,
It is always recommended to included AUTHORITY CHECK in the program. Once the custom transaction code is created, you can include the object thru SU24.
However, if you are modifying an existing transaction (adding object in su24 for the existing tcode), ensure to retransport them to production and regenerate the roles. Else, the changes will not be imparted to the existing roles.
Hope this helps you.
Regards,
Raghu
02-26-2009 2:57 AM
Hi,
It is always recommended to included AUTHORITY CHECK in the program. Once the custom transaction code is created, you can include the object thru SU24.
However, if you are modifying an existing transaction (adding object in su24 for the existing tcode), ensure to retransport them to production and regenerate the roles. Else, the changes will not be imparted to the existing roles.
Hope this helps you.
Regards,
Raghu