06-17-2015 9:18 PM
Hello.
After consulting this discussion forum still it is an unresolved issue, for many years, the authority check of S_DEVELOP fieldname OBJNAME = *; every time when the SCAT or SECATT transactions are used.
I do not know if this issue has been under consideration by SAP developers team , but It is a fact that nothing can be done to allow defining the field value of the fieldname OBJNAME with a corresponding name, and be able to build multiple authorization profiles for specific processes.
I have not tried to solve it by changing the values allowed in the Object S_DEVELOP , fieldname OBJNAME using the transaction SU24, it would be interesting to know the opinion of experts.
Thank you very much.
Best
Regards,
06-18-2015 9:56 AM
06-19-2015 12:48 AM
Hello Martin.
Definitely the SAP note implementation solves the authority check incident. CAT_PING Function Module and AUTHORITY-CHECK statements for the OBJNAME followed with DUMMY is flawlessly working as a wildcard entry.
I was in debug mode and find out that the authority check is being executed for transaction SECATT thru ABAP program: SAPLECATT_MAIN , it makes a dynamic call to SAPLECATT_EXECUTE at include LECATT_EXECUTEI03; MODULE ecatt_execute_active_tab_get, this is the moment when CAT_PING function module is invoked. I will keep investigating the exact point because the function module is not explicitly called.
I appreciate this valuable information.
Best regards,
06-19-2015 7:59 AM
Hi,
I don't have access to a system at this moment so I can't check it but it seems to me that SAP made a mistake. The logic should be that it checks that you have an authorization for at least one object. This can be done with DUMMY but it was coded with * which checks if you have authorization for all objects. That's why I was asking if you can see the exact code where it is being checked. You can easily navigate to code from ST01 when you have a trace. If you believe this is the case then I would suggest raising a message with SAP to fix it.
Cheers