Skip to end of metadata
Go to start of metadata
Object Description

Definition

S_DEVELOP is a general authorization object for objects in the ABAP Workbench.

Using this object, you can assign access authorizations for all the workbench components.

  • ABAP Development Tools
  • ABAP Debugger
  • ABAP Dictionary and Data Modeler
  • Screen Painter and Menu Painter
  • Function Library
  • Object Navigator and Info System
  • SAP Smart Forms
  • Form Builder
  • Enhancements
  • Switch Framework

Associated Objects:

  • Transport Organizer (S_TRANSPRT)
    To be able to work with the workbench, a user must have the appropriate authorization.
  • ABAP: Program Flow Checks (S_PROGRAM)
    To execute programs, a user must also have the appropriate authorization.

Defined fields

The object consists of five fields. The first four are used to identify an object or a function in the SAP system. The fifth field lists the operations that a user is allowed to execute on objects.

These are the following fields:

  • DEVCLASS Package for Transport System
    Package for which a user has authorization.
    Using the input help (F4), you can display and choose packages or find them in table TDEVC.
  • OBJTYPE ID of a Development Object
    Object types for which a user has authorization.
    You can display and choose possible values using the input help (F4).
    The object types for the ABAP Workbench can be (with a few exceptions) displayed, changed, created, and deleted:
    • APPLTREE: Application hierarchy (customer application menu hierarchy)
    • CLAS: Class (ABAP objects) (only display and change)
    • DEBUG: ABAP Debugging
      Special activities are checked here.
      Activity 03: Display
      Activity 02: Changing values of fields and (as of Release 6.10) the function Debugging->Goto statement
      Activity 01: Displaying in System Programs and Kernel Debugging
      The other fields of the authoriyation objects are not checked during the check for debugging authorization and can be set to ' ' (quotation mark, blank, quotation mark).
      Activity 90: Debuggin of sessions of other users (only HTTP and RFC session, but not dialog or background sessions). The users for whom the authorization is available are specified in the field "Object Name".
    • DEVC: Package (organizational unit for grouping development projects)
    • DIAL: Dialog modules
    • FUGR: Management of function modules groups
    • INTF: Interface (ABAP Objects) (only display and change)
    • LDBA: Logical databases
    • MENU: Area menus
    • MSAG: Message ID (message group)
    • PARA: Set/Get parameters ("Memory" parameters)
    • PINF: Package interface (see DEVC)
    • PROG: Programs and corresponding objects (screens, CUA definitions, program text elements, attributes, and variants)
    • SSFO: SAP Smart Forms
    • SSST: SAP Smart Styles
    • SUSK: Customer: Assignment transaction --> Authorization objects
    • SUSO: Authorization objects
    • SUST: Assignment transaction --> Authorization objects
    • SYST: Runtime analysis, SQL trace
      In the Activity field, only value 01 is required (see note 1263939 ).
    • TRAN: Transaction
    • WEBI: Service definitions for Enterprise Services

The object types for Web programming can be created, changed, and displayed.
Internet Transaction Server (ITS)

    • IAJU: JavaScript file
    • IAMA: MiniApp (only display and change)
    • IAML: Language-dependent MIME objects (ITS)
    • IAMU: MIME objects (ITS)
    • IARP: Internet service resource file
    • IASP: Internet service and parameters
    • IATL: Language-dependent HTML template
    • IATU: HTML template
      Business Server pages (BSP)
    • SMIM: Object from MIME Repository
    • WAPA: BSP application
    • WTAG: BSP extension
    • WTHM: Theme

The object types for XML programming can be created, changed, and displayed.

    • XSLT: XSLT program

The object types for the Form Builder<?> can be created, changed, and displayed.

    • SFPI: Form Object: Interface
    • SFPF: Form Object: Form

The object types for the ABAP Dictionary can be displayed, changed, created, deleted, and activated. Object types marked with * are database object types that can be created, deleted, or converted on the database.

    • DOMA: Domains
    • DTEL: Data elements
    • ENQU: Lock objects
    • INDX: Secondary indices*
    • MCID: Matchcode ID*
    • MCOB: Matchcode objects*
    • SHLP: Search helps
    • SQLT: Pool/Cluster tables*
    • SQTT: Technical settings table pool
    • STRU: Structures
    • TABI: Table index*
    • TABL: Transparent tables*
    • TABT: Technical setting for tables
    • TTYP: Table types
    • TYPE: Type groups
    • VIEW: Views*

The object types for the Data Modeler can be displayed, changed, created, and deleted.

    • UDMO: Data Modeler: Data model
    • UENO: Data Modeler: Entity type

The object type for the Business Object Repository can be displayed, changed, created, and deleted.

    • SOBJ: Business object type

The object types for customer enhancements can be displayed, changed, created, and deleted.

    • CMOD: Enhancement project (only change and display)
    • FUGS: SAP part of the customer exit (transaction CMOD)
    • FUGX: Customer part of the customer exit (transaction CMOD)
    • SXCI: Implementation Business Add-In (BAdI)
    • SXSD: Definition Business Add-In (BAdI)

The object type for CATT test cases can be displayed, changed, created, and deleted.
SCAT: Test case
The object types for enhancements can be displayed, changed, created, and deleted.

    • ENHO: Enhancement
    • ENHS: Enhancement Spot
    • ENHC: Enhancement Composite
    • ENSC: Enhancement Spot Composite

The object types for eCATT can be displayed, changed, created, and deleted. Test configurations can also be executed.

    • ECAT: Testscript
    • ECSD: System data container
    • ECTC: Test configuration
    • ECTD: Test data container

The object types for Switch Framework can be displayed, changed, created, and deleted.

    • SFBS: Business Set
    • SFBF: Business Function
    • SFSW: Switch
  • OBJNAME Object Name
    Names of the programs or objects of another type for which a user has authorization, also generic.
  • P_GROUP Authorization group for ABAP programs
    Allowed authorization groups for ABAP programs and corresponding objects. If you are not using your own authorization groups, you should set this field to the value *.
  • ACTVT Activity
    Operations that a user is allowed to execute.
    Possible Values:
    • 01: Create (valid for all object types)
    • 02: Change (valid for all object types)
    • 03: Display (valid for all object types)
    • 06: Delete (for all object types)
    • 07: Activate (only effective for ABAP Dictionary object types)
    • 16: Execute (only valid for eCATT test configurations and if you execute reports out of the development workbench accoring to note 1750997, 1686842, or 1596907)
    • 40: Create object in database (object types TABL, SQLT, VIEW, MCOB, MCID, and INDX)
    • 41: Delete object in database (object types TABL, SQLT, VIEW, MCOB, MCID, and INDX)
    • 42: Convert object in database (object types TABL, SQLT, VIEW, MCOB, MCID, and INDX)
    • 70: Monitor test runs (only im CATT, not im eCATT)
    • MA: Switch off the Modification Assistant for each transport object
    • L0: SAP internal. Change main package (object type DEVC)
    • 94: SAP Internal: Overwrite package check for activating DDIC objects (object type DEVC)

Examples

Developers: Generally, developers should have all S_DEVELOP authorizations, except the one for the database utility (ID of a development object, value TABT).

The corresponding authorization would be as follows:

Field

Value

Package for transport system

*

ID of a development object

A bis TABS, TABU bis Z*

Node name

*

Authorization group ABAP program

*

Activity

*

With this authorization, the user can access workbench objects without limitation, but is not allowed to perform any functions on the database utility. In the productive system, only Activity 03 Display is entered.

Authorization for the Database Utility: A user with the following authorization can use the database utility of the ABAP Dictionary:

Field

Value

Package for transport system

*

ID of a development object

TABT TABL INDX MACO MCID VIEW SQLT

Node name

*

Authorization group ABAP program

*

Activity

*

The user can use the database utility without limitation regarding objects of the executed types. Only these object types are relevant for the database utility.

Detailed Grouping: You can assign a user different authorizations for object types or object names by assigning several authorizations to the user.

Example: A user is to be allowed to have unlimited access to programs and ABAP Dictionary objects, but may only display data models.

You can define these different authorizations in the following manner:

Authorization 1: Programming without limitation

Field

Value

Package for transport system

*

ID of a development object

A bis U, V bis Z

Node name

*

Authorization group ABAP program

*

Activity

*

Authorization 2: Display data models

Field

Value

Package for Transport System

*

ID of a development object

U*

Node name

*

Authorization group ABAP program

*

Activity

03

Further Notes

In productive systems, only the system manager and the Early Watch users should have authorization to this object. The Early Watch user should only have authorization with the values SYST for the field ID of a development object, 03 for the field Activity.

The authorization checks during execution of function modules and methods in test environments (SE24, SE37, SW01, and so on) and the execution of programs are different. In the test environments, activity 16 (Execute) is checked. On the other hand, activity 03 "Display" implicitly contains the authorization for exectuin of programs. For each executable program whose execution is to be protected explicitly, there must be an appropriate authorization group assigned. In particular, through this assignment, security-relevant programs can be protected against display or execution. To assign programs to authorization groups, you can use the report RSCSAUTH. For more information, refer to the program documentation.

Specific Use Cases
  • No content found for label(s) usecase_S_DEVELOP.
Related Documentation

no documentation linked

Related SAP Notes

no SAP Notes linked

  • No labels