Existing authorizations in roles and profiles that contain the discreet activity ’03’ (“Display”) no longer authorize users to execute development objects.
However, if a full authorization (‘*’) for the activity is contained in authorizations for the S_DEVELOP authorization object, the behavior does not change because the full authorization also includes the new activity ’16’ (“Execute”).
Activity ’16’ (“Execute”) is already defined for the S_DEVELOP authorization object in all releases as of Release 4.0B.
Therefore, you do not need to adjust the authorization object.
Available fix and Supported packages
- SAP_BASIS | 640 | 640
Workbench Tools: Editors, Painter, Modeler
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.