Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Authorization for testing, SAP security note 591395


Existing authorizations in roles and profiles that contain the discreet activity ’03’ (“Display”) no longer authorize users to execute development objects.
However, if a full authorization (‘*’) for the activity is contained in authorizations for the S_DEVELOP authorization object, the behavior does not change because the full authorization also includes the new activity ’16’ (“Execute”).
Activity ’16’ (“Execute”) is already defined for the S_DEVELOP authorization object in all releases as of Release 4.0B.
Therefore, you do not need to adjust the authorization object.

Available fix and Supported packages

  • SAP_BASIS | 640 | 640

Affected component

    Workbench Tools: Editors, Painter, Modeler


Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer