Question:
Hi,
I recently was told by a D&T auditor that S_DEVELOP with a value of 03 should not be permited for all users in SAP R/3 version 4.6c. I tried removeing it and it caused transaction SE43 to die and SE43 is assigned to everyone in the company. Is there a danger in everyone having S_DEVELOP with a value of 03 in 4.6c?
Thanks,
TMH
Answer:
Get your audiot to tell you WHY it is s risk. Them just saying it isn't good enough, make them sweat for their fees.
IIRC it has something to do with a glitch in SAP permitting some debug activities in oldish versions. - search for S_DEVELOP to see a bit more info on it.
Answer:
Big risk. It can be closed if you place authorization groups on all your programs to control execution via S_PROGRAM.
Essentially S_DEVELOP with 03 and PROG allows a user to navigate to any program in the system and from there they can execute the (type 1 ) programs. You might as well give everyone SE38.
Why would you give anyone SE43 in production? Cevelopers can all see that stuff in development.