Activation of the Profile Generator
You must set this parameter to "Y" if you use the profile generator.
The profile generator uses the authorization default values, which youcan maintain with transaction SU24. You also use this transaction tospecify whether and which authorization checks are to be suppressed forselected transactions.
If you have switched off authorization checks using transaction SU24,users can perform activities without having the correspondingauthorizations. Nevertheless, it can make sense to reduce the scope ofauthorization checks, such as in the following cases:
You do not use the authorization object linked to the authorizationcheck (for example, in FI, you use HR authorizations, although you donot actually use the SAP HR system).
The authorization check for object S_TCODE protects the core transactionanyway. (Note, however, that authorization check S_TCODE only providesvery general protection. This in itself is not a reason to suppress anauthorization check.)
You want to prevent permitting all values (*) for all authorizationfields in the authorization object.
If you have suppressed authorization checks (you have set the parameterto "Y"), we recommend that you check the data in SU24 regularly toensure that the entries are set to the correct values.
Who is allowed
Limitation for os
Limitation for db