SCC4 and CATT settings

Question: To All SAP Gurus

In SCC4, what are the implications of the setting ' Restrictions when starting CATT and eCATT.

Does this have an impact on the production system if this is set to eCATT and CATT allowed? Would the production system also need to be opened as well?

Please can anyone shed any light on this.

Thanks

Dreamer

Answer:
This is simply an on-or-off switch saying CATTs can be run or CATTs can not be run. The ramifications are obvious.

I let CATTs run in DEV and sometimes in QAS but never PRD unless it is for initial data loads purposes - and then I shut it off as soon as possible.

Answer:
CATT = Computer Aided TESTING tool.

Answer:
What are the implications of allowing CATTs to run in production?

Answer:
Dreamer,

as the old guru says.. there are lots of ramifications. When you sit and really think about this, you will be able to come up with some on your own. I am sure all the real "gurus" out there are slapping their forhead on this question with a resounding DUH!, but to be honest, I think when we are starting out, we just don't realize these things so easy.

One of the major ramifications is that someone with access to SCAT in production could upload false or bad data into your system. Especialy when it comes to configuration. Without the other areas locked as well, someone could really mess with your tables, load users and the list goes on and on and on.

Another valid ramification is that even if someone is allowed to use SCAT and wants to upload something, they could potentially upload during peak usage of the system and cause a major slowdown. I have seen it happen. We usually only allow it to be open during off hours and when no one is in the system.

as oldsapguru and some of the others stated, you usually dont allow anyone to do this in Production once the system is up and running. There may be a rare config occasion, but then they need to request the system to be open during a specific time frame and for how long. Most likely this is all setup during a "change control" process so that everyone knows exactly what that person is doing.


Hope that helps some..

Answer:
Infact, as SAP works, you get the functionality whether you use it or not...

Your can also turn CATT off in SCC4 - the functions are not always obedient as they where not meant to be called... ha ha ha...

Hence protecting the functions is very important...

4 xmple, there are functions in the scat related objects, which serve the sole purpose of calling other functions once the first check has been passed at "1" (read the docu). There are also several transactions and reports (SA38 ect) which lead to CATT runs. Same goes for LSMW.

Therefore, any person with FUGR authorizations for SCAT objects has SAP_ALL on your system.. and that is relevant for whether they have a user ID or not.

Use routers, download the new RFC server program and setting restrictions at the gateway and RFC servers also helps. And for users who need access to the system, apply the minimum rights principle and watch segregation of duties. SAP enables that, and it has saved their asses on several occasions already!

It depends on whether you use it... and whether you consultant knows about it... or tells you yet...............