Register Login

S_DEVELOP authorization object

Updated May 18, 2018

Two possible answers here as from your question I don't quite gauge your level of expertise in security...

1) If you don't know the area. It's complex and really needs an expert for authorisation changes, please see your security or basis team.

2) If you do know the area. You need to be careful with this one as it controls the ability to do stuff in the development workbench as well as executing programs and function modules. In anywhere except the dev box the 01, 02 type activities should not be enabled. You should stick to 03 however note that this does not restrict the ability to display vs execute code - you can often still do that with act 03, therefore the only really effective way of restricting this object is on object type and object name to ensure that for example only the function modules for the function groups required are provided. One other watchout is to elminiate the value STMR_NAVIGATOR for object type FUGR from the object name field by restricting the values to exclude that range. This enables a nasty back-door in the system which a lot of tech folks are aware of and allows access to any transaction code. Sure there should be other objects which protect in most cases but you still wouldn't assign SE38 in production right...