Activity - L0 - All functions

Former Member · ‎11-07-2010

Hello All,

Could any one explain what is this activity - L0-All functions meant for?

We can find this activity in S_DEVELOP auth object.

Thanks and Regards, Pradeep

martin_voros · ‎11-07-2010

Hi,

It's partly described in documentation for S_DEVELOP. It's SAP internal activity. I doubt that any user needs this authorization.

Cheers

Former Member · ‎11-07-2010

I think the problem is that the search help ignores the system transport type, amongst several other things.

In "customer" type systems the L* activities are mostly useless, I already tested that on some applications via SAPGui.

I faintly suspect that it has something to do with "test modes" of some applications --> with L* auths you can pass all auth checks but not make any DB commits, etc.

That the ACTVT is available in customer systems makes sense (now that F7 is blocked) but the documention could be improved probably.

How about a warning message which is intuitive?

Cheers,

Julius

Former Member · ‎11-08-2010

Hi Julius

(now that F7 is blocked)

- Good - that was a nasty little backdoor

I'm fairly certain I've seen that LO all functions in another (not S_*) object for finance, it appeared to open up options to display which were being restricted but I can't remember which ones...

Cheers

David

Former Member · ‎11-08-2010

You might have seen it in any of the following objects:

B_EM_TCODE   Logistics - Check Transaction Code at Start of Transaction
DF_INIT_AE   Initialization of New Systems
D_SD_TCODE   Direct Store Delivery - Check Transaction Code at Start
E_CACS_CTR   Authorization for Commission Contracts
E_PFO_ADM    Administration in Portfolio Assignment
E_PFO_MAS    Mass Activities in Portfolio Assignment
E_PFO_OBJ    Objects in Portfolio Assignment
F_PAIT_ACG   BCA Payment Item: Authorization Group According to Account
F_PAIT_ATT   BCA Payment Item: Authorization Types
F_PAIT_BKA   BCA Payment Item: Bank Area
F_PAIT_BPG   BCA Payment Item: Authorization Group According to BP
F_PAIT_GRP   BCA Payment Item: Authorization Group
F_PAIT_PRG   BCA Payment Item: Authorization Group According to Product
F_PAOR_ACG   BCA Payment Order: Authorization Group According to Account
F_PAOR_ATT   BCA Payment Order: Authorization Types
F_PAOR_BKA   BCA Payment Order: Bank Area
F_PAOR_BPG   BCA Payment Order: Authorization Group According to BP
F_PAOR_GRP   BCA Payment Order: Authorization Group
F_PAOR_PRG   BCA Payment Order: Authorization Group According to Product
F_RTP_ACT    Retirement plan: Activity
GRCFF_0001   Superuser Privilege Management
J_1IEWT_HC   health check for Migration to EWT
J_1IFACSL1   Authorization for ARE1
K_KA_RPT     CO: Interactive Drilldown Reporting - Reports
K_KEB_REP    Profitability Report: Report Name
P_PBSPWE     Process Workbench Engine (PWE) authorization
S_DEVELOP    ABAP Workbench
S_SRMPATH1   SRM - Process Route
V_SO_TCODE   Vehicle Space Optimiztion: Check Transaction Code at Start

I don't see any common theme amongst them nor coding technique used. It is quite likely that the intention is to determine the visibility of functions (such as tabs and buttons) which the user can then start, but does not necessarily have the authorizations to complete.

In the case of S_DEVELOP I could not see this activity being used anywhere in SE38 nor SE80 nor the central function module RS_ACCESS_PERMISSION.

I have also encountered it in other objects where it had no affect.

Perhaps Bernhard can find out what the intention is (or what is in the pipeline).

Cheers,

Julius

Bernhard_SAP · ‎11-09-2010

>

Julius Bussche wrote:
> 
> In "customer" type systems the L* activities are mostly useless, I already tested that on some applications via SAPGui.
> 
> I faintly suspect that it has something to do with "test modes" of some applications  --> with L* auths you can pass all auth checks but not make any DB commits, etc.

Unfortunately you can't say that generally. As the activities are defined centrally and can be used by any application, its their (the applications) choice which activity they use. L0 is a good example.

As per its description ( L0 = All functions ) activity L0 would be equal to '*'. But of course it is not. The description has to be as generic as possible so that the activity can be used applciation independent.

So we know, that each application may use any possible activity. And the use also L0 and not only in SAP systems. One example:

[From Online docu|http://help.sap.com/saphelp_erp60_sp/helpdata/en/5c/8db2a1555411d189660000e829fbbd/frameset.htm] -->CA Drilldown reporting uses the activities L0-L2 to verify, which buttons/functions are available....

So we cannot say generally, that any L*-activity is for instance for testing w/o db commits or something similar.....

So SAP has to deliver the L*-activities also for customer systems, as they are used already (but we cannot know, where (in which coding) it is used.....

b.rgds, Bernhard

Former Member · ‎11-09-2010

Unfortunately you can't say that generally.

Darn, I was hoping to be able to say that specifically... ;-(

It would be very usefull as a consistent feature of the ACTVT available to all application which want to provide such a mode.

This use (test mode), combined with a "visibility" semantic for other applications and at other times interpreted to be a "full authority" by programs will certainly create some confusion and SU53 is going to be doing what it does worst to achieve this...

In all cases I would assume that a single authority-check statement against ACTVT = 'L0' should always be preceeded by a granular check against the real explicit value which the user might be equiped with otherwise it would not make sense (to me) and always force "all functions" or "full authority" to be granted to the user.

Cheers,

Julius

ttrapp · ‎02-07-2012

In the area of package checks you need it for certain modifications of packages like it is described here: http://help.sap.com/saphelp_470/helpdata/EN/ea/c05d8cf01011d3964000a0c94260a5/content.htm

Regards,

Tobias