Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

' ' Entries in SU53's

Former Member
0 Kudos

Can anyonre provide more information as to why in a lot of our SU53's we have these entries

' '

(two single quotation marks)?

This in is HR Authorizations and can occur in Org Key, Pers Num, or anything else under P_ORGIN or PLOG auth object. Can anyone explain what they mean? We do not add them in because it appears to give a lot more access than required.

Thanks.

5 REPLIES 5

jurjen_heeck
Active Contributor
0 Kudos

They are dummy values. You can add them to authorizations without any risk, they do not override other authorizations if that's what you fear.

If you search the forum for 'dummy' you'll probabely find more info.

Former Member
0 Kudos

Searching for "DUMMY" will lead you to this thread eventually =>

Im my opinion, it does not make sense to supply a "dummy value" (like "asdf" or " " (2 spaces) to satisfy the check because the coding is indicating that there must be something (which is real intended authorization value), but at the point where this "safety-check" (or sanity-check) is performed (often "upfront") the system does not care yet what the user can actually do. But they must be able to do something "real" in the transaction.

The same can be used for a "space" (please compare the ABAP keyword documentation for "DUMMY" and "SPACE" statements) to satisfy the DUMMY check, but it is (perhaps unfortunately) used as well in the coding to permit the start of certain transactions without giving the user the ability to use an important part of it.

As far as I am concerned, these SPACE checks are antiquated and confusing, and should be eliminated. If the application functions make the correct checks dependent on the behaviour of the user, I dont see the need for such "spaced out" checks..

A correct "DUMMY" should be sufficient upfront, and if the checks are complex, then there are plenty of ABAP techniques to do it in a better way.

My 2 cents,

Julius

Former Member
0 Kudos

I fully agree. They're only complicating the matter. Either you have authorization or you don't. If you do, provide a value on that authorization not empty space.

In searching for "Dummy" I found this explanation:

Some auth. objects fields may have dummy values which means auth field is not used to perform any check & so is not initialised

That is not good. Why put an auth field in if it's not being used. Why let it pass an authorization check (which is exactly what it does).

I have no fears it will overwrite access, my fear was that it opens up access and those fears were confirmed. Upon removing the "dummy" quotes the access was again restricting as it should. That is why I posted here. It DID give access, it skipped some authorization checks. It gave more access than was requested.

I guess since no solid explanation is given I will just ignore the SU53's that call for it.

Appreciate the input everyone.

0 Kudos

Hi Lara,

> In searching for "Dummy" I found this explanation:

> Some auth. objects fields may have dummy values which means auth field is not used to perform any check & so is not initialised

Where did you find that? "DUMMY" is an ABAP data element, which when used in a check is satisfied by "anything" - but there must be "something". It does have it's use cases.

> I guess since no solid explanation is given I will just ignore the SU53's that call for it.

My recommendation would be to trace and find the source code location of these checks from the trace file (there is a "jump" possibility there in ST01 into the ABAP Editor) and look at the context of the check.

If it is inappropriate, report it to SAP. From my experience, they are thankfull for such information and feeback, and fix the program errors.

Cheers,

Julius

0 Kudos

Hello Lara,

If you have read the ABAP documentation for the Authority-Check statement you would have read that the dummy statement is used to "suppress unnecessary authorization checks or to carry out checks before the user has entered all the values".

If the user while executing the tcode has left the field blank then it would pass the authority-check as long as he has the authorization for ' ' (single quotes) for this field in the authorization object. However if the user has entered a real value which does not correspond to the authorization field values the check would fail.

I am just copy pasting the example from the ABAP documentation which explains in very simple terms how this works:

Object: M_EINF_WRK

ACTVT 01-03 , WERKS 0001-0003.

With this authorization user can display and change plants within the Purchasing and Materials Management areas.

Such a user would thus pass the checks

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' FIELD '0002'

ID 'ACTVT' FIELD '02'.

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' DUMMY

ID 'ACTVT' FIELD '01':

but would fail the check

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' FIELD '0005'

ID 'ACTVT' FIELD '04'.