05-06-2014 8:11 PM
We are implementing Context-Sensitive Security. Once we're ready to Go-Live, we'll empty the table T77UA (OOSB). Do we need to leave SAP* or we can completely delete the table?
Since the table is no longer read (we've activated the BAdi to do the virtual assignment), I would think it's ok to remove it but I have a small doubt.
Can someone confirm that SAP* is no longer required in OOSB when we activate context-sensitive security?
Thanks
Sophie
05-09-2014 8:41 AM
Hi Sophie,
The OOSB entry for SAP* is the fallback profile for when no other structural profile is found. Even if you activated the BADI (assuming HRBAS00_GET_PROFL), it is still possible that it throws a no_profile_found and in that case the user will get the profile that SAP* has in table OOSB.
I wouldn't suggest deleting the entry. Replacing it with a basic profile like Julius suggested is probably the best idea, but this is only recommended when your BADI logic will return a profile for your background and system users.
Good luck!
Brent
05-07-2014 10:10 PM
I would make sure that your system/service users (ALEREMOTE/DDIC/WF-BATCH etc.) are working o.k .
05-07-2014 10:19 PM
I would recommend replacing it with something like SAP_DUMMY which can at least read and match code on 1001 and 0105... (the PLOG sort of things).
As Ronen mentioned, you should change this BEFORE you restrict some system type user's access as they don't have personnel numbers.
Which BADI are you referring to? If it is in a central API then you might be OK. If not or there is hardcoding outside of the reserved API then you could be in for surprises.
Cheers,
Julius
05-09-2014 8:41 AM
Hi Sophie,
The OOSB entry for SAP* is the fallback profile for when no other structural profile is found. Even if you activated the BADI (assuming HRBAS00_GET_PROFL), it is still possible that it throws a no_profile_found and in that case the user will get the profile that SAP* has in table OOSB.
I wouldn't suggest deleting the entry. Replacing it with a basic profile like Julius suggested is probably the best idea, but this is only recommended when your BADI logic will return a profile for your background and system users.
Good luck!
Brent
05-09-2014 4:20 PM
Thanks all for your answers. We'll leave the entry SAP* in the table, to make sure we don't impact anything.