Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
Showing results for 
Search instead for 
Did you mean: 

Risk associated with AUTH_SWITCH_OBJECTS

Former Member
0 Kudos

As discussed in previous threads the following was indicated wrt auth/object_disabling_active:

The auth/object_disabling_active parameter is a prerequisite for globally deactivating checks on individual authorisation objects.

If the paramter is set to "Y", the disabling of checking of authorisation objects globally through transaction u201CAUTH_SWITCH_OBJECTSu201D is not prevented.

My question:

What is the risk associated, if the transaction AUTH_SWITCH_OBJECTS is not contained within any role or assigned to any user including the authorisations team? Due to this transaction not being assigned or even in existence within our productive environment, no auth object has been disabled from auth relevancy.

Thank you!


Former Member
0 Kudos

Even auth_switch_objects on it's own is not enough.

But if there is no intention to turn objects off globally and none are turned off then it cannot harm much to turn it off, no?

Some folks got a bit nervous when transaction SU24_CHECK flew up, but that has been deactivated and I am not aware of any other dark horses which globally disable checks client specifically (except of course the usual table editing tools....).