Tcode Authoriztion In SU24

former_member196331 · ‎2020 May 20

HI,
I am facing 1 issue. For tcode In su24 i was assigned 2 authorization objects.
S_TCODE

S_TABU_DIS

After testing I need to remove S_TABU_DIS Authorization object.
So i went to su24 and remove it and saved under TR.
now if i see the tcode in SU24, I can able to see only S_TCODE

Now i enable the trace in ST01 and in another session i open the tcode.

Two authorization objects are triggering. may i know why..

AUTH S_TCODE RC=0

AUTH S_TABU_DIS RC=0

In su24 only i can able to s_tcode.

I have another question.
i want to remove s_tcode also. But the problem is i am removing the s-tcode and while saving again s_tcode auth object is
Coming automatically, I did not understood. Many times i tried... while saving s-tcode object is coming automatically.

How could i Remove the Tcode completely in SU24.

Colleen · ‎2020 May 21

Hi Kali

SU24 acclerates a consistent PFCG Role Build

With one exception (mention below), SU24 does not influence whether an authority check takes place in program execution (i.e. your ST01 trace). It is to help you build consistent secuirty roles

The exception: transaction codes in SU24 (or globally via SU25) allows you to set a 'do not check' for the authorisations. Users will pass the authority check (i.e. ST01 will say successful) even if they do not have the access. However, you cannot set Basic or HR class objects to do not check

In relation to S_TCODE comment: in pfcg the S_TCODE, S_SERVICE, S_START, and S_RFC standard authorisations are also imported due to items in the role menu

Okay, what are you actually trying to do here? I'm intepreting your question that you are under impression that you think SU24 controls a check taking place.