
Does open Authorization object in a role have any impact?

Former Member
0 Kudos

Hi All,

Came across a scenario and need your advice.

We have a master/derived role concept. In one role an authorization object is yellow, as one field value is unmaintained.

As per my understanding this should not have an impact, as it will not be added to the user buffer.

But when I checked in the role I found that this instance is present in the role profile and the missing value is updated by ' '.

Can you help me to understand what the impact will be on security? I have checked most of the roles with yellow object and the same field is present in the profile.

I know as per best practice it's always better not to have any objects as Red and Yellow in any role. We are working on cleaning up all roles, but before this I need to know the impact of the yellow object in the existing role.

Thanks in advance for your help.

Joel G

2 REPLIES 2

Former Member
0 Kudos

Hi Joel,

In SAP, authorizations are granted - it means the user has access only to the data ranges defined. If you have defined such '' values - then the user will access it. But in general it is treated as a so-called <DUMMY> value (which you can often see in the SU53 report).

Concerning "open" authorizations - the possible impact is that the user will be able to start a transaction which requires a specific authorization object (so the existence of this object is checked in the user buffer during transaction start). But what the user can do inside the transaction depends on the code (if an auth. check is also performed inside the tcode for the same object).
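
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not SAP code: a simplified Python model of how AUTHORITY-CHECK matches a request against the user buffer, showing which checks an authorization with an open field stored as ' ' still passes. The object Z_DEMO_OBJ, its fields and its values are constructed, and value matching is reduced to single values and '*'.

```python
# Simplified model of ABAP AUTHORITY-CHECK matching against a user buffer.
# Added illustration; object/field names and values below are constructed.
DUMMY = object()  # stands for "ID <field> DUMMY": the field is not checked

# Constructed user buffer: one authorization generated from a role in which
# ACTVT is maintained and BUKRS was left open (stored as ' ' in the profile).
USER_BUFFER = [
    {"object": "Z_DEMO_OBJ", "fields": {"ACTVT": ["03"], "BUKRS": [" "]}},
]

def value_matches(granted, wanted):
    """Single values and full wildcard only; ranges/patterns are omitted."""
    return any(g == "*" or g == wanted for g in granted)

def authority_check(buffer, obj, checks):
    """Return a SY-SUBRC-like code: 0 = passed, 4 = object present but
    values do not match, 12 = no authorization for the object at all."""
    auths = [a for a in buffer if a["object"] == obj]
    if not auths:
        return 12
    for auth in auths:
        # All checked fields must be satisfied by ONE authorization.
        if all(wanted is DUMMY or value_matches(auth["fields"].get(f, []), wanted)
               for f, wanted in checks.items()):
            return 0
    return 4

def demo():
    return {
        # Existence-only check, as described for transaction start.
        "existence_only": authority_check(
            USER_BUFFER, "Z_DEMO_OBJ", {"ACTVT": DUMMY, "BUKRS": DUMMY}),
        # Program checks the activity but skips the open field.
        "open_field_dummy": authority_check(
            USER_BUFFER, "Z_DEMO_OBJ", {"ACTVT": "03", "BUKRS": DUMMY}),
        # Program checks a real company code: blank does not cover it.
        "open_field_checked": authority_check(
            USER_BUFFER, "Z_DEMO_OBJ", {"ACTVT": "03", "BUKRS": "1000"}),
        # Object missing from the buffer entirely.
        "object_missing": authority_check(
            USER_BUFFER, "Z_OTHER_OBJ", {"ACTVT": DUMMY}),
    }

if __name__ == "__main__":
    for name, rc in demo().items():
        print(f"{name}: {rc}")
```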

Former Member
0 Kudos

Hi Joel,

There is no impact; however, I would recommend that, if the end user is not complaining about authorization issues within that role, you simply inactivate that authorization object.

There could be many reasons why the role has authorizations that have not been maintained (i.e. recent upgrade, SU24 changes, etc.).

Hope this helps.