06-01-2007 9:21 AM
Hi Friends,
Through SU24 -> T-code->check indicator, against any auth object we can specify No Check,Check or Check/Maintain. Now what is the difference between check and check/maintain ? What additional checks will be performed in check/maintain case ?
06-01-2007 10:35 AM
Hi,
Check indicators show the type of auth object check:
U Unchecked
Check indicator is not set
PFCG does not propose the object for maintenance
N No Check
No active check
PFCG does not propose the object for maintenance
C CheckCheck is performed
PFCG does not propose the object for maintenance
CM Check/Maintain
Check is performed
PFCG proposes the object for maintenance
So only the objects whoes status is check/maintained will be pulled into your role.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
06-01-2007 10:32 AM
Hi,
Check indicators show the type of auth object check:
U Unchecked
Check indicator is not set
PFCG does not propose the object for maintenance
N No Check
No active check
PFCG does not propose the object for maintenance
C CheckCheck is performed
PFCG does not propose the object for maintenance
CM Check/Maintain
Check is performed
PFCG proposes the object for maintenance
So only the objects whoes status is check/maintained will be pulled into your role.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
06-01-2007 10:35 AM
Hi,
Check indicators show the type of auth object check:
U Unchecked
Check indicator is not set
PFCG does not propose the object for maintenance
N No Check
No active check
PFCG does not propose the object for maintenance
C CheckCheck is performed
PFCG does not propose the object for maintenance
CM Check/Maintain
Check is performed
PFCG proposes the object for maintenance
So only the objects whoes status is check/maintained will be pulled into your role.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
06-01-2007 11:32 AM
Hello SAPMAN,
Santosh has clearly described the difference however there is one additional point. If you change the settings in SU24 it will introduce the object in the role having the transaction but that doesnot mean that the object will be necessarily checked unless it is coded.
Regards.
Ruchit.
06-02-2007 5:56 AM
hi sapman,
go through the following text
explanation of check indicators , if the check flag for authorization object is set as
cm = check / maintain , then
1) an authorization check is carried out against this object
2) the profile generator creates authorization for this object and field values are displayed for changing
3)default values for this authorization can be maintained.
c = check , then
1) an authorization check is carried out against this object
2) the profilr generator does not create authorization for this object and field values are not displayed for changing
3)no default values for this authorization can be maintained.
if you find this information useful ,award me the points
regards
nvrrvn(ramana)
06-04-2007 5:40 AM
Thanks for your explanation nvr & NAV. Santosh.
But it will be more clear if you can please explain one thing i.e. for Check what do you mean by <u>authorization check is carried out but authorization for the object is not created</u> - how & where objects are created ?
For e.g in F_BKPF_BUK object if we maintain check indiacator as "Check" only in SU24. Then as per your explanantion auth object will be checked but pfcg won't be <u>creating authorization object</u> in this case. But <u>profile generator creates authorization for this object</u> if we maintain Check/Maintain.
Accounting Document: Authorization for Company Codes F_BKPF_BUK
Activity 02,03 ACTVT
Company Code * BUKRS
Can you explain the same with the above example for C & C/M indicators in SU24 ?
06-04-2007 7:53 AM
hi sapman,
see authorization check is carried out against auth objects for any transaction code if it is specified in the corresponding abap code , authorization checks are triggered by the statement authority check , however , with transaction su24 you can set check indicators to exclude certain authorization objects from authorization checks , with out changing abap code .
the profile generator only creates an authorization for an authorization object if the check indicator is set to check/maintain , for example take any tcode ,in su24 check for the auth objects which have cm checkflag set , the generated auth profile will contain only those auth objects , the values you specify for the auth fields of an auth object enables the user to carry out functions for paticular org levels , if thing's are still unclear , you give me the detailed description of the problem you are facing.
regards
ramana