I have some authorization objects that literally have single or double quotation marks as their values. I see these values associated with objects such as S_BTCH_NAM. What do these values allow or permit as part of this authorization object?
Sometimes the SAP programs perform an authorization check before a particular value has been input by the user. For example at transaction start some programs check the activity code (e.g. 01) but no opportunity to enter an organizational value has been given the user (e.g. company code). The authorization will test the user's authorization for single quotation mark values. It doesn't typically make a lot of sense to do this with an authorization object with a single field but developers who do not understand the authorization concept may be arbitrary in how they use objects and customers must provide the values that will allow their users to do their work.
Dig Deeper on SAP security
A SearchSAP.com reader wants to know how to grant a user access to cost centers, as well as access to one cost element across all cost centers.
Learn how to stop SAP users from displaying HR table contents in an SAP table without restricting access to an SE16N transaction.
A SearchSAP.com reader who stores user email addresses within the SAP SU01 transaction code and wants to know where to locate the data.