Hi Kiran,

Actually one user is coming through portal & trying to execute one EHS report. He is getting," Your user master record is not sufficiently maintained for object Authorization Object for EHS Incident/Accident. "

I

1) traced his activities & didn't get any record with RC=0.

2) found, his team-mate( is able to run the report ) has that customised authorisation object.

3) found, the user had this customised authorisation object, when he was able to run the report.

Thank you.

Regards,

Sachhidanand Rankhambe

Do a compare between the Two User IDs using SUIM->Comparisions->Users.

Gp

Hi Gopi,

My stress is not on fixing the authorisation problem.

I am not getting, why I didn't get any record for that customised authorisation object in the trace. Is it a limitation of ST01? Or something else?

Thank you.

Regards,

Sachhidanand Rankhambe

By the sounds of it there is a user specific activation switch to turn the check on.

If the user is not activated for the check, the report throws the above message that they are not setup for the check at all, and the report exits.

My recommendation is to run an ST0 trace for a user who is able to run the report. Double-click the line on the file for this custom auth object check and click on "Go to ABAP source location" (if you are authorized) in the top left corner.

Then take a look at what happens prior to the authority-check. My guess is that it is looking for some sort of configurable condition (a check table, or possibly even a different authority-check..) immediately prior to checking your object.

Cheers,

Julius

Hi Julius,

Unfortunately I didn't get any record for that customised authorisation object in the trace for the user able to run.

And if you don't mind, then i would like to ask the purpose of deactivating a check for an user( if the report is going to exit ) & the steps to do it.

Thank you.

Regards,

Sachhidanand Rankhambe

> Actually one user is coming through portal & trying to execute one EHS report. He is getting," Your user master record is not sufficiently maintained for object Authorization Object for EHS Incident/Accident. "

Is this "just" a logon portal, or a portal iview where the user is confronted by this message in the portal itself?

On the back-end ABAP system, developers can do a lot of creative and even strange stuff. They can even code successfull authority-checks to prevent access if they want to (as exceptions).

From what you have discribed, there are some undocumented or badly communicated techniques in your concept. But I might be wrong... I think you need to explain the context and please post your code (the context and coding of this custom auth object check) for us to be able to help further...

Cheers,

Julius

Hi Julius,

I( with ABAPers' help ) was trying to find out the coding part, but failed. Actually this is a BW report pulling some data from R/3 & has no corresponding transaction.

Can you please tell me, how can I get that coding part? Thank you.

And yes, this is a portal iview.

Regards,

Sachhidanand Rankhambe

By now you will have noticed that there is an increasing gap between your original question and what we are looking for as a solution, right?

Please state your question clearly with more information and post your code.

Cheers,

Julius

Hi Julius,

Even now I am looking for," Does ST01 trace the authorisation checks being carried out against customised authorisation objects? ".

Additionally I introduced,

1) purpose of deactivating a check for an user( if the report is going to exit ) & the steps to do it,

because during discussion you mentioned," If the user is not activated for the check, the report throws the above message that they are not setup for the check at all, and the report exits. " &

2) Can you please tell me, how can I get that coding part?,

because I want to provide the requested information, ie code.

Just to clarify once again, first I want to know," Does ST01 trace the authorisation checks being carried out against customised authorisation objects? ".

And if you don't mind, then I would like to know the answer of 1) & 2) as well. You want me to create separate threads for this?

Thank you.

Regards,

Sachhidanand Rankhambe

It would be very helpfull (for you as well if you could see what this custom object check is doing in your custom program. Otherwise we can not do much more than guess.

My recommendation:

- Go to transaction ST01 and activate the trace for the user.

- Go to transaction SM50 and select each of the application servers individually and activate the same trace settings on all of them.

- Run this functionality through from start to finish to see whether your check turns up.

- If still not, then run a scan with report RS_ABAP_SOURCE_SCAN for it as a search pattern (or try the binocular button in the ABAP Editor).

Some other explanations are that the check is in a form routine which is not used at all and therefore never reached, so you can find it by doing a static search for the name of the auth object. While there, also search for the terms "set extended" and "generate subroutine".

If that doesn't work, then you will probably be best off debugging it.

FYI: with release 7.00 Enhancement Package 2 there are some very very cool features in the new debugger for finding stuff like this by setting "terminal-points" and using "layered debugging".

Cheers,

Julius

> 1) purpose of deactivating a check for an user( if the report is going to exit ) & the steps to do it

To be able to access a transaction only under very specific contexts (for which the checks are turned off). You can do this in SU24 (or for tcodes in SE97, or programmatically). This can be a very usefull feature, but you need to plan it carefully (sorry SAP :-).

> If the user is not activated for the check, the report throws the above message that they are not setup for the check at all, and the report exits. " &

> 2) Can you please tell me, how can I get that coding part?,

Here is an example for you =>

Very ugly...

Cheers,

Julius

Hi Julius,

I confirmed, ST01 traces the checks being carried out against customised authorisation objects.

And regarding my project specific problem, I got that cusomised authorisation object in the RSSM trace.

Thanks a lot Julius & others, who helped me to solve this problem.:-)

Regards,

Sachhidanand Rankhambe

> I got that cusomised authorisation object in the RSSM trace.

Ahh yes, I should have thought of something like this.

Now I know for next time

Thanks,

Julius