1. HTTP://SAPSECURITY.WORDPRESS.COM/ SU24 Job Aid for SU24 Jays 11/28/2010Purpose: Transaction SU24 maintains the USOBT_C and USOBX_C tables. These tables holdthe relationships between the particular transaction and its authorization objects. It is possible toadd or subtract the checks performed in the transaction by changing the appropriate flag. The addition (check or check/maintain) flag of an authority-check only works if SAP hadprovided the authorization object as standard in the calling program. Do not expect the system toperform an authority-check automatically when an object is added in the list of other objects for aparticular transaction code because the calling program will have no knowledge of these objects.The subtraction (or no check) of an authority-check is possible to all transaction and all objectsexcept HR and BASIS related authorization objects. The benefit of transaction SU24 occurs when transactions are added or deleted fromRole Groups using the Profile Generator. When deleting transaction the Profile Generator willremove all authorization values that were needed for that transaction. When new transactions areadded, the Profile Generator will add all authorization values needed to run the transaction(s).The addition or removal of authorization values is based upon values entered in SU24.
2. Section A. Check/Maintain Authorization ValuesThis section will explain the steps to maintain an existing authorization object for a TCODE. 1. Log in into SAP 2. Type SU24 in the command field and hit enter
3. 3. Maintain Assignment of Authorization Objects to Transactions Screen will be displayed.4. Provide the Transaction code in the Transaction Code field in the Define Interval for Transaction code section.5. Click Execute Button
4. 6. Transaction List Screen Will be displayed7. To Maintain an Authorization Object Click Check Indicator(Pencil Icon)
5. Select the TCODE and click on Check Indicator8. A popup window “Prompt for work bench request” will be displayed for a transport request.
6. 9. Click on New Request Icon to create a new transport request for the Authorization Object maintenance. Create Request Screen will be displayed10. Enter Short Description in The “Short description field”
7. 11. Click Save to Start the Changes, Prompt for Work Bench Requests Screen will be displayed with New Transport Request ID12. Click “Continue” Button to Proceed
8. 13. Authorization object maintenance screen will be displayed with the list of authorization objects which are already assigned to the Tcode.14. In order to make an authorization object to be check maintained change check flag to CM as shown in the picture15. Click SAVE.
9. IF USER JUST WANTS TO CHANGE THE INDICATOR THEN THE PROCESS STOPSHERE. IF USER WANT TO DO ANY CHANGES FURTHER THEN THE CHECKINDICATOR SHOULD BE IN “CM”
10. 16. If User want to change Authorization Values then the Check should be at CM (Check Maintain). User Clicks on “Field Values” Button to ADD/DELETE/CHANGE Auth Values17. Change Field values for authorization object Screen will be displayed with the Authorization Object and related Fields.
11. Authorization FieldsObject 18. To edit(Add/delete/update) the fields Click on Pen Icon displayed next to Authorization Field. “Define Values “ Screen Will be displayed
12. 19. Select/Deselect or enter Appropriate values(As requested by customer) in the “Define Values” Screen and Click Save
13. SaveButton Follow Steps 17- 19 for maintaining values for all other Authorization Fields. 20. Click Save and then Exit out of the screen.
14. Section B. Addition of Authorization Object to a TCODEThis Section will provide the details of adding an authorization object to a TCODE. 1. Login to SAP 2. Type SU24 in the Command field and Click Enter
15. 3. Maintain Assignment of Authorization Objects to Transactions Screen will be displayed. Clickon Execute button4. Transaction List Screen will be displayed. , Select a Record and Click on “Check Indicator “Button.
16. 4. Prompt for work bench Request Screen will be displayed.5. Select Create New Request Button , Create Request Screen will be displayed.
17. 6. Enter Short Description in the “Short Description field and click Save Button. Short Description FieldSaveButton 7. Prompt for Workbench Request screen will be displayed , Click on Continue(enter) button to proceed Continue Button
18. 8. “Change Check Indicator for TCODE” Screen will be displayed with Check indicators for allAuthorization Groups.9. Click on Auth Obj(Insert) Button to Add New Authorization Group. Auth Obj(Insert) button
19. 10. Add authorization Object for Tcode button will be displayed.11. Enter the Authorization Object to be added to the TCODE in the Authorization Obj field.And Click Enter12. The Authorization Object is added successfully to the Tcode , as shown in the “ChangeCheck indicator for TCODE” screen. Click Save button. Save 13. Maintain the Authorization Values as shown in the Section A, Steps 16-20.
20. Section C. Delete Authorization Object Linked to a TCODEThis Section will provide the details of deleting an existing authorization object from a TCODE. 1. Refer to Section B and Execute Steps 1 thru 9 2. Go to Screen “change Check Indicator for TCODE” Screen 3. Select the Authorization Object, To – Be Deleted. 4. Select “Authorization Objs“ button from the main menu.
21. 5. Click Delete from the Dropdown menu. “Object Delete” Message box will be displayed .
22. 6. Click Continue to proceed and delete the Authorization Object linked to Tcode .7. Authorization Object is deleted from the “Change Check Indicator for TCODE” screen.8. Click Save button to save the changes.
23. Please Let me know if any concerns.Thanks,Jayshttp://sapsecurity.wordpress.com/