Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Auth object Standard and Changed

Former Member

‎10-31-2007 9:08 AM

0 Kudos

Hi

When i look at the auth object for a particular role, in some cases I see multiple versions 01,02 and so on with all the versions being active. In some cases there is one for Standard and one which is changed both being active. The auth field values for the above differs for standard, changed, and the different versions. My question is in both the above situations, when a authorization check is done, which version is checked or which type (standard or changed) is checked ?

- ravi

2 REPLIES 2

Former Member

‎10-31-2007 9:18 AM

0 Kudos

Hi Ravi,

All active auth sets will be loaded into the user buffer for evaluation regardless of whether they are standard, changed or manual. If inactivated they won't be used.

The main problem with auths in changed mode is that if you remove the tx that is associated with the object from the role menu, the corresponding auths will not be automatically removed from the role if they are in changed mode.

Former Member

‎10-31-2007 4:08 PM

0 Kudos

Multiple instances (multiple versions 01,02) for an auth object come from different t-codes.

You can check the list of t-codes that are bringing those standards if you click on the symbol mountain.

Those values are being pulled from su24.

And presence of more than one t-code doesnot necessarily imply presence of more than one standard. To have more than one standard for a given object, you need to have different combination of values mantained for those t-codes in su24. Eg. If there are 2 t-codes and both have same combination of values mantained in different fileds in su24, then they will bring only one standard. But if both the tcodes have different combination of values mantained, they will bring more than one standard.

If you change a standard whose all the fields contain some value, it gets changed to 'change'. But if you change a standard which has atleast one field which is empty, it gets changed to 'mantained'.

When authorization check is done all instances which are not inactive are checked and as pointed by Alex, if you make a standard to changed , then even after removing that t-codes which had brought that standard(changed), it stays.

Points are welcome!!

Thanks !!!