Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copy object from one authorization object classe to another one

Former Member

‎09-27-2010 2:48 PM

0 Kudos

Hello experts,

due our revision we have the demand to copy our custom context sensitve authorization object from the old authorization class to a new one.

Ist this generally possible? What are the impacts?

Any ideas?

Many Thanks!

Marco

5 REPLIES 5

Former Member

‎09-27-2010 3:08 PM

0 Kudos

> Ist this generally possible? What are the impacts?

I would think this is possible

My understanding would say that, If you have the earlier Z-Objects in the SAP defined object clasess - they will by default appear in SAP_ALL profile.

If you have a custom Object class and if your objects are moved to the custom class - SAP_ALL wouldnt have the Z-Object class listed (unless you regenerate SAP_ALL)

sdipanjan
Active Contributor

‎09-27-2010 3:11 PM

0 Kudos

Hi,

Why want to change the Object class? Theoretically as well as practically it is possible but I hope changing a Object class is not required after a long period of usage. Since we don't need to maintain the Object class as a Security check point as such so there is not activity required in analysis and remediation phase after the change (even for HR object also).

But the Objects appear in it's Object class in the role authorization data. So you need to search the roles where the Objects are present and do a re-generation of the profiles by using option "Edit Old Status and Merge with New Data".

Regards,

Dipanjan

Former Member

‎09-27-2010 11:19 PM

0 Kudos

> due our revision we have the demand to copy our custom context sensitve authorization object from the old authorization class to a new one.

That is a strange revision (audit) demand... Did you challenge them whether they have ever done this before and survived as release upgrade?

Is SAP_ALL otherwise okay for them? For example that people can write their own programs or maintain PRGN_CUST to include Z-classes again...

Have you tried to simply remove all profile assignments to SAP_ALL and replace them with proper roles and restrict SAP*'s HR profiles to that which applies to all users which are not employees?

You are definately barking up the wrong tree here by moving SAP objects to Z object classes and expecting it to be secure...

Cheers,

Julius

Former Member
In response to Former Member

‎09-28-2010 10:39 AM

0 Kudos

>

> You are definately barking up the wrong tree here by moving SAP objects to Z object classes and expecting it to be secure...

Hi Julius,

I think one of us got this wrong, not sure who .........I thought the OP was mentioning about custom objects (my inference was Z-objects) and not moving standard SAP objects

Bernhard_SAP
Employee
Employee

‎09-28-2010 11:04 AM

0 Kudos

Hi,

can't imagine, why revision could ask for such a change. The assignement to a class has zero impact on revisable events/processes, functionality etc. But nevertheless, if the 'Gods in black suits' require this....

So back to the original question....

I cant't imagine any impacts of changing the class (as long as we are talking about Z-objects and Z-classes....)

You can perform the change easily within SU21. Etner the object in change mode, cancel the where-used->change class->save.

b.rgds, Bernhard