[1496] in SAPr3-news
Re: Security
daemon@ATHENA.MIT.EDU (Vincent Lock)
Mon Jun 24 21:08:38 1996
To: sapr3-news@MIT.EDU
Date: Tue, 25 Jun 1996 00:56:00 +0100
From: Vincent Lock <vincent@lockvkf.demon.co.uk>
In article <93.38772@tsh.ruhr.de>, Martin Dumalski
<karlchen@tsh.ruhr.de> writes
>Hi SAPPER !
>
>Is it right that there is no security check between different "SAP-Mandanten"
>if
>somebody has got the right to program APAB/IV - Reports in produktive
>systems?
>
>Please give me more information !
>
>Bye Karlchen
>
If I understand you correctly....
Objects (Programs, reports, module pools, etc, DDIC - of course!) are
client independent _within a system_; in R2, I understand that is not
the case.
Normally, sites will have at least 4 systems, each with possibly several
clients. Development will be done on what is called an integration
system, with developers given the right authorisations for a client in
that system. When ready, changes are transported to the consolidation
system and even if developers had the right profiles, changes to the
programs would be deemed repairs, so permanent changes should not be
done here.
If they haven't been set up on the production system, then they will not
have access to it; but beware of trojan horses.
--
Vincent Lock
Mitcham
England
