This website is not affiliated with, sponsored by, or approved by SAP AG.
4 posts • Page 1 of 1
The user executes a tcode but no data is displayed.
When seen in the SU53 screen shot it shows that authorization object P_orgin has some values in field missing:
For PERSA it say <dummy>
Can some one please help me with this???
What does this dummy exactly mean?
The dummy request usually means that the program merely checksif the object is in the user buffer but does not care what the values are.
If you build a role with the P_ORGIN object and fill those fields with
Be extremely careful when completing the field values in HR objects - check that your company is using HR and, if so, should the user have access to run reports without restriction - it's all to easy (and lazy) to ' ' the values based on an SU53 if the end user doesn't know what to restrict searches by therefore giving all the other users who have the role wider access unintentionally.
Real Daleks don't use the stairs. They just level the building.
Well - okay - so now they can fly - that's not fair!
If you were to mention the transaction (if not a custome tcode) you might get clearer answers.
In your case it sounds like your testers get stuck on the first screen because they cant select the data they need to go to the next step. However when you added the transaction to the role and did a unit test (the transaction brought up the initial screen with no errors and you would not have known that it was a failure because of missing data necessary for going to the next step (for any user who will need the transaction)
This issue will continue to confuse your testers and or other Security support team members. Therefore configure SU24 so that when that transaction is added to a role PFCG will propse P_ORGIN with the ' value in the fields mentioned. Then when role testers test the transaction they will be able to see the data necessary for the next step, after which they will probably run into a valid onscreen error message and their next SU53 will show the actual values for P_ORGIN needed for what they are attempting.
DUMMY in the SU53 means you are actually encountering an AUTHORIZATION CHECK statement in the program behind the initial screen for the transaction where the P_ORGIN is enforced but the values for those fields in the SU53 does not matter. (cant leave a field blank in the code or the ABAP cant process the command) so DUMMY is used to give the statement in the code a "non-null" value and is interpreted as any value in that field is valid.
the single quote or single quote space single quote is the PFCG version of the word DUMMY or "non-null" value.
However if you see the ' in the SU53 it can be for other reasons. For example, It is rare, but there are transactions that require that an authorization object with a plant field have ' along with any additioinal valid plant values just to access the initial screen. This controls the behaviour or certain input fields, or select options, and even data displayed so that the program cannot be executed for data not assigned to a plant. This is sort of KLUDGEY piece of ABAP when that occurs, and it is difficult for Functional or Security partners to troubleshoot. Normally ' should not be seen in an SU53 whenever ' is seen instead of the word DUMMY you must analyze the issue differently. You will want to know why ' is actually the value being enforced. Using the value ' in an AUTHORITY CHECK statement as a value required for a field, is not the same as using the word DUMMY.
Using ' as the value in the ABAP means you will always have to add ' for this transaction as well as valid values you want to grant.
SAP Security Consultant
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 3 guests