topic Evaluate SAP OSS notes implementation from authorizations perspective in Application Development and Automation Discussions https://community.sap.com/t5/application-development-and-automation-discussions/evaluate-sap-oss-notes-implementation-from-authorizations-perspective/m-p/675621#M29874 <P> </P> <P> </P> <P>As an authorization consultant I get requests from our Basis team to evaluate security notes which would be implemented in our production system. This is their requirement"- "... you need to check whether notes would have any impact after implementation (Security impact), e.g. if any customized t-code is already present in the system and notes have certain restrictions which would impact that t-code."</P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P>In general I am fine with these kind of requests when a note obviously refers to an authorization activity, e.g. set an authority check for a new field, however in some cases I find a bit ambiguous whether the change would have any impact from authorizations perspective. </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P>I understand that cannot be a universal solution, but would you have any suggestions as to how to handle this, e.g. under 'Other terms' paragraph of a notes template, if there is no Authorization/authorization check mentioned, could I assume that I could give a greenlight for a note's implementation?</P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P>Thank you,</P> <P> </P> <P> </P> <P> </P> <P>Mirjana</P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> Thu, 28 Jun 2018 13:39:21 GMT Former Member 2018-06-28T13:39:21Z Evaluate SAP OSS notes implementation from authorizations perspective https://community.sap.com/t5/application-development-and-automation-discussions/evaluate-sap-oss-notes-implementation-from-authorizations-perspective/m-p/675621#M29874 <P> </P> <P> </P> <P>As an authorization consultant I get requests from our Basis team to evaluate security notes which would be implemented in our production system. This is their requirement"- "... you need to check whether notes would have any impact after implementation (Security impact), e.g. if any customized t-code is already present in the system and notes have certain restrictions which would impact that t-code."</P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P>In general I am fine with these kind of requests when a note obviously refers to an authorization activity, e.g. set an authority check for a new field, however in some cases I find a bit ambiguous whether the change would have any impact from authorizations perspective. </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P>I understand that cannot be a universal solution, but would you have any suggestions as to how to handle this, e.g. under 'Other terms' paragraph of a notes template, if there is no Authorization/authorization check mentioned, could I assume that I could give a greenlight for a note's implementation?</P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P>Thank you,</P> <P> </P> <P> </P> <P> </P> <P>Mirjana</P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> <P> </P> Thu, 28 Jun 2018 13:39:21 GMT https://community.sap.com/t5/application-development-and-automation-discussions/evaluate-sap-oss-notes-implementation-from-authorizations-perspective/m-p/675621#M29874 Former Member 2018-06-28T13:39:21Z