<\/a><\/p>\n <\/p>\n <\/a><\/p>\n <\/span><\/p>\n <\/p>\n As we can see this screen shows SU24 entries for tcode FPE3S. On the left side, we have tcode name and description and on the right side, we have authorization objects and other fields like TSTCS, Check Indicator and Proposal.<\/span> <\/p>\n <\/p>\n <\/span><\/p>\n <\/p>\n <\/p>\n
\nAs we discussed earlier, a tcode is like a command which when executed executes an ABAP program, report etc. When the program gets executed, it may check for certain authorization objects.<\/span>
\n<\/span>
\n
\nThese authorization objects are coded in the program under “AUTHORITY-CHECK<\/span><\/a><\/span>” statement.<\/span><\/p>\n
\n<\/span><\/p>\n
\nSU24 is one of the most important tcodes in SAP Security. It is used to maintain authorization objects that are checked during the execution of a particular transaction code. <\/span>
\n
\n For example – a screenshot of SU24 entry for<\/span> PFCG<\/strong> transaction code is shown in the below figure:<\/span><\/span><\/p>\n
\n<\/span><\/p>\n
\n![\"\"](\"https:\/\/sapsecurityanalyst.com\/WP\/wp-content\/uploads\/2012\/01\/su24-1.jpg\" "\\"su24-1\\"")
<\/a><\/p>\n
\n<\/a>
\n
\nSU24 is like a check and check-maintain “container” which is used for maintaining those authorization objects which are checked when ABAP programs are executed.<\/span><\/span><\/p>\n
\nWhenever any tcode (or program) is executed and if it checks if the user has access to some authorization object performing the task concerned, then it is always a good practice to add that authorization object in SU24 entry for that transaction code.<\/span><\/p>\n
\n Lets go through some of the important concepts related to SU24 tcode. For that lets have a look at the SU24 screenshot for tcode FPE3S below:<\/span>
\n<\/span><\/p>\n
\n![\"\"](\"https:\/\/sapsecurityanalyst.com\/WP\/wp-content\/uploads\/2012\/01\/su24.jpg\" "\\"su24\\"")
\n<\/a><\/p>\n
\n<\/span>
\n <\/span><\/p>\n
\nThe Object field shows the list of authorization objects which are checked for tcode FPE3S.<\/span><\/p>\n
\n<\/span><\/p>\n
\nWe have already discussed that SU24 maintains the authorization objects which are checked by a tcode. Although just maintaining any authorization object does not mean that the object will be checked. It is necessary that the object is coded in the “Authority-Check” statement in the ABAP code. Simply inserting an authorization object in SU24 which is not checked in the program is not going to make any difference.
\n<\/span><\/p>\n
\n SU24 provides us with an option to set if any authorization object can be set to “Do not check”, i.e even if the object is coded in the program, the object will not be checked while executing the tcode. As shown in the figure above, we can see that Check Indicator Field gives us this option to set the authorization object check value to<\/span> “<\/span>Check” <\/span><\/strong>or “Do Not Check”.<\/strong>
\n<\/span>
\n
\nNext to Check Indicator field is<\/span> Proposal field<\/strong>. It can have values<\/span> “<\/span>Yes”<\/span><\/strong>\u00a0or No”<\/strong>. Lets discuss this “Proposal” field via the below screenshot:<\/span>
\n<\/span><\/p>\n
![\"\"](\"https:\/\/sapsecurityanalyst.com\/WP\/wp-content\/uploads\/2012\/01\/proposal.jpg\" "\\"proposal\\"")
<\/a><\/p>\n