Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Evaluate SAP OSS notes implementation from authorizations perspective

Former Member

‎2018 Jun 28 2:39 PM

0 Likes
406

As an authorization consultant I get requests from our Basis team to evaluate security notes which would be implemented in our production system. This is their requirement"- "... you need to check whether notes would have any impact after implementation (Security impact), e.g. if any customized t-code is already present in the system and notes have certain restrictions which would impact that t-code."

In general I am fine with these kind of requests when a note obviously refers to an authorization activity, e.g. set an authority check for a new field, however in some cases I find a bit ambiguous whether the change would have any impact from authorizations perspective.

I understand that cannot be a universal solution, but would you have any suggestions as to how to handle this, e.g. under 'Other terms' paragraph of a notes template, if there is no Authorization/authorization check mentioned, could I assume that I could give a greenlight for a note's implementation?

Thank you,

Mirjana

0 REPLIES 0