https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465371#M14765 <P>Hi Joachim,</P><P>In systems with sensitive data this may allow for viewing raw data in the debugger, beyond the reach of the users' normal authorizations.</P><P>Data may be collected from the database by a program and checked for authorizations on a line-to-line basis before presenting it to the end user. S_DEVELOP with DEBUG and ACTVT 03 will allow you to monitor the raw data before the authorization check takes place.<BR /><BR />Unfortunately I do not have a concrete example for you.</P><P>Jurjen</P> Sun, 02 Jul 2017 14:10:35 GMT jurjen_heeck 2017-07-02T14:10:35Z https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465370#M14764 <P>Hi,</P><P>And old one but I still have not seen a good answer to this one so I will try again.</P><P>Can anyone please elaborate on the risk of having s_develop - debug 03 in production (or any other system for that matter)?</P><P>And please only provide concrete examples and not assumptions. Would be good to somewhat put this one to rest :).</P><P>br,</P><P>/joachim</P> Mon, 26 Jun 2017 08:02:41 GMT https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465370#M14764 Former Member 2017-06-26T08:02:41Z https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465371#M14765 <P>Hi Joachim,</P><P>In systems with sensitive data this may allow for viewing raw data in the debugger, beyond the reach of the users' normal authorizations.</P><P>Data may be collected from the database by a program and checked for authorizations on a line-to-line basis before presenting it to the end user. S_DEVELOP with DEBUG and ACTVT 03 will allow you to monitor the raw data before the authorization check takes place.<BR /><BR />Unfortunately I do not have a concrete example for you.</P><P>Jurjen</P> Sun, 02 Jul 2017 14:10:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465371#M14765 jurjen_heeck 2017-07-02T14:10:35Z https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465372#M14766 <P>Hi Joachim</P> <P>This won't give you the explicit examples that you are after but might help consider risks which seems to be system performance (resource availability); access to sensitive data in debug mode prior to authority check and potential data inconsistencies/rollback (See Julius' example).</P> <P><A href="https://archive.sap.com/discussions/thread/1342811" target="test_blank">https://archive.sap.com/discussions/thread/1342811</A></P> <P>Unfortunately, I cannot tell you off the top of my head an example where each of those occur. I do recall debugging line by line through investment management and getting access to that data and project system information prior to the authority check (Data was selected from the table prior to the check)</P> <P>Regards</P> <P>Colleen</P> Thu, 13 Jul 2017 11:54:06 GMT https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465372#M14766 Colleen 2017-07-13T11:54:06Z https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465373#M14767 <P>As someone who wrote numerous ABAP custom programs, I have same thoughts as <A href="https://answers.sap.com/users/4577/jurjen-heeck.html">Jurjen Heeck</A>. In most cases the raw data is pull from database using select statement first and then the authorization is checked and based on the result from authority-check, the result is displayed. </P> Fri, 14 Jul 2017 22:36:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465373#M14767 sjeevan 2017-07-14T22:36:04Z https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465374#M14768 <P>Hi Jurjen,</P> <P>Very good point indeed.</P> <P>/joachim</P> Tue, 01 Aug 2017 10:06:40 GMT https://community.sap.com/t5/application-development-and-automation-discussions/s-develop-debug-display-authorization/m-p/465374#M14768 Former Member 2017-08-01T10:06:40Z