<\/p>\n <\/p>\n <\/span><\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/span> <\/p>\n <\/p>\n <\/p>\n
\nWe discussed about the basics of SU24 tcode in our previous discussion. In this discussion, we will be discussing about the SU24 custom tables<\/span> USOBT_C<\/strong> and USOBX_C<\/strong>.<\/span><\/p>\n
\nIn our last discussion, we saw that SU24 tcode is used to maintain all those authorization objects that are checked during the execution of a particular transaction. We also saw that for every authorization object that is in SU24 screen, there is a corresponding value for two fields – Check Indicator (Check\/Do Not Check) and Proposal (Yes\/No).<\/span><\/span><\/p>\n
\n
\nThese values are stored in two <\/span>customer<\/strong>\u00a0specific tables – USOBT_C and USOBX_C. <\/span><\/strong>The “_C<\/strong>” in these table names indicate that these tables contain customer specific<\/strong> values which are maintained\/changed via SU24 tcode.<\/span><\/span><\/p>\n
\n<\/span><\/p>\n
\nIf the Profile Generator is used for the first time, <\/strong>these customer specific tables are initially filled<\/span> <\/span>with SAP Default Proposed values. SAP Proposed values are stored in tables <\/span><\/span>USOBT <\/span><\/strong>and USOBX<\/strong>. We can also have a look at thes<\/span>e val<\/span>ues via Tcode <\/span>SU22.<\/span>\u00a0<\/span><\/strong>These values should NOT be <\/strong>manually changed.<\/span> These get updated during upgrades.<\/span><\/span><\/p>\n
\n<\/span><\/p>\n
\nWhile the SAP Proposed values (in tables USOBT and USOBX) get updated during future upgrades, the customer specific tables (USOBT_C and USOBX_C) ensure that values modified by customer are not overwritten to SAP default unless explicitly changed by user<\/span> (via Tcode SU25 – step 1<\/strong>). We will discuss more about SU25 when we discuss about<\/span> SAP Security Upgrade<\/strong><\/span><\/a><\/span> in coming topics.<\/span><\/span><\/p>\n
\n
\nNow lets come to the basic Question : What values are maintained in the USOBT_C and USOBX_C tables?\u00a0<\/strong><\/span><\/span><\/p>\n
\n
\nThe <\/span><\/span>USOBX_C <\/strong><\/span>table defines what authorization checks are to be performed within a transaction and what not, i.e<\/span>. whether the check indicator <\/strong>field is set to “Check” <\/strong>or to “Do Not Check”.<\/strong>\u00a0This table also defines which authorization checks are maintained (Proposal Value – Yes)<\/strong> in the Profile Generator.<\/span><\/span><\/p>\n
\n The table <\/span><\/span>USOBT_C <\/strong>is for those authorization objects for which the Proposal <\/strong>values is Yes <\/strong>in SU24. It contains Authorization values<\/strong> for the authorization objects which are defined to be maintained (Proposal value “Yes”) in profile generator.<\/span><\/p>\n
\n<\/span><\/p>\n
\n
\n Whenever any change in proposal value is made for any transaction code in SU24, the new values should be pulled to all those roles where that particular tcode is present in role menu. In this case, all such roles’ profile should be generated in<\/span> <\/span>Expert Mode for Profile Generation<\/span><\/strong>. The option to be selected is<\/span> “Read Old Status and Merge with New Data”.<\/span><\/p>\n
![\"\"](\"https:\/\/sapsecurityanalyst.com\/WP\/wp-content\/uploads\/2012\/02\/expert-mode.jpg\" "\\"expert")
<\/a><\/p>\n