Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorisation checks failed

Former Member
0 Kudos

Hi Guys

A Problem has come in picture: I ran su53 and it ended with error for some users.

This all has come in picture after we applied SP to SAP System.

Authorisation check failed

Object class BC_C Basis - Developement Environemnt

Authorisation Ojb.S_TransLAT Translation environment ojbect

Authorisation field ACTVT Activity

02

Authorisation filed TLANGUAGE Target Language

E

Authorisation field TRANOBJ Translation : Text type name

Can anyone aware of this error?

Regards

Ricky

Edited by: Ricky kayshap on Oct 14, 2008 4:56 PM

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Ricky,

The error which you have provided looks like an usual SU53 error that occurs due to missing authorisation in user profile.Could you please ensure that the users who are getting this error is actually not missing the authorisation which the SU53 is throwing up in his/her user profile before we draw an inference that this is due to the SP which has been applied lately.

Thanks,

Saby..

19 REPLIES 19

Former Member
0 Kudos

Hi Ricky,

The error which you have provided looks like an usual SU53 error that occurs due to missing authorisation in user profile.Could you please ensure that the users who are getting this error is actually not missing the authorisation which the SU53 is throwing up in his/her user profile before we draw an inference that this is due to the SP which has been applied lately.

Thanks,

Saby..

0 Kudos

This is the exact error i have got:

Authorization check failed

Object Class BC_C Basis - Development Environment

Authorization obj. S_TRANSLAT Translation environment authorization object

Authorization field ACTVT Activity

02

Authorization field TLANGUAGE Target language

E

Authorization field TRANOBJ Translation: Text type name

LONG

User's Authorization Data PASCOAJ

No authorizations available

How can we check what authorizatons are missing in the users profile?

Regards

Ricky

0 Kudos

Hi Ricky,

You had said earlier that the SU53 had ended with errors for some users.What i wanted to say is that if you could check for those users if they are missing the authorizations as shown in SU53 in their user profile.

For finding out the same.

Go to SUIM

Roles by complex search criteria

In the field "User" give the user name i.e PASCOAJ

Scroll down to the section "Selection according to authorization values"

Enter the name of the auth. obj in the field "Object 1" i.e S_TRANSLAT

Click on the button "Entry Values" and then in the respective fields below enter the values as per the SU53 error that you are getting.

Then Execute.

If the user PASCOAJ has this authorization avaliable in his user profile then the result would display the name of the roles through which he is getting the access or else it will display at the bottom "no data was selected" which would mean that the user does not have this particular authorization.

You will then have to find out the appropriate roles if existing in your landscape with this authorization which can be assigned to the user without any SOD conflicts.

Thanks,

Saby..

0 Kudos

hi Rudhra

I entered the following details in SUIM navigated to the path you mentioned.

Role: YSFARC0000

User(s): PASCOAJ

Object 1: S_TRANSLA

Activity: 2

Target Language: E

Traqnslation : Text Type name: LONG

Result: No Data wa selected

so It mean that user doesnt have the authorization, as you said.

Now how can i found the appropriate roles for this authorization.

regards

0 Kudos

Hi Ricky,

I had not mentioned to put anything in the Role field of the Roles by complex search criteria option earlier.

Q.Now how can i found the appropriate roles for this authorization?

For finding out if any roles exists in your system with this authorization do the following:

Repeat the same steps as i had asked you to earlier i.e in SUIM but this time do not enter the user name i.e PASCOAJ in the user field

Then execute.

By doing this, you will get a list of roles i.e SAP & customized provided if any roles exists in the system with the specified authorization.

From there, you will have to choose one which you think would be appropriate to assign to the user.

Thanks,

Saby..

0 Kudos

Hi Ricky,

are you sure, that the user really needs s_transalt with ACTVT=02??

this is also checked, if the user displays the longtext of the error message he got after the authorization error occurred, so it might have nothin to do with the authorization error, which lead to problem in the transaction.

It is advisable to use ST01 instead of SU53 to analyze missing authorizations, as SU53 only displays the last faild check only!

b.rgds, Bernhard

0 Kudos

Hi Bernhard

are you sure, that the user really needs s_transalt with ACTVT=02??

Ans: I am not really sure because i have a very little knowledge in Security, but since authorissaton check is failing so i believe this must be required.

May i know what these three errors 2, E, LONG do really mean??

Thank you

Ricky

0 Kudos

Hi Ricky,

ACTVT=02 means 'change'

TLANGUAGE =E means Target Language of translation=english

TRANOBJ =LONG means Text type for tranlsation=longtexts (longtexts to be translated).

If you have the problem not in amaintenance transaction for texts, I am pretty sure, that this result of SU53 has nothing to do with the problem the user has.

Please run ST01(authorization trace) to find out what really the problem is....

b.rgds,

Bernhard

0 Kudos

Hi,

I think you should go back to the beginning again. Ask your user what transaction he performs and go as far as the problem lets him go. Ask him then to perform transaction su53. You yourself can take this over in su53 see the button left on top and see what realy is going on. When I look into su24 with the authorization object you find not much transactions that will generate this object in PFCG. You can write them down and try to find out via SUIM if one of these transactions are in the role of that user. I think that the problem is something else. Su56 for the user gives you a lot of information what he realy has for authorizations.

Have fun.

Bye Jan van Roest

0 Kudos

Hi,

I just had the same su53 as you showed us. It was because I was not permitted to run SE16 and I clicked on the authorization message. So go to your user and ask him to run the transaction again and immediately after the authorization failure transaction su53, then you will realy find out what is the problem.

Have fun

Bye Jan van Roest

0 Kudos

>

> Hi,

>

> I think you should go back to the beginning again. Ask your user what transaction he performs and go as far as the problem lets him go. >

> Have fun.

> Bye Jan van Roest

Agree but run ST01 and turn on trace. Let us know the Tcode in question and we'll be able to shed some more light on the error.

0 Kudos

Hi guys

i have turned the authorisation trace to on in both qas, and production box.

Former Member
0 Kudos

>

> Hi Guys

> A Problem has come in picture: I ran su53 and it ended with error for some users.

> This all has come in picture after we applied SP to SAP System.

>

> Authorisation check failed

> Object class BC_C Basis - Developement Environemnt

> Authorisation Ojb.S_TransLAT Translation environment ojbect

> Authorisation field ACTVT Activity

> 02

> Authorisation filed TLANGUAGE Target Language

> E

> Authorisation field TRANOBJ Translation : Text type name

>

> Can anyone aware of this error?

>

> Regards

> Ricky

>

> Edited by: Ricky kayshap on Oct 14, 2008 4:56 PM

If you are using SAP delivered roles, most likely the authorization tab is yellow after the upgrade and you need to regenerate. If not, go to PFCG look up the object and check if it has ACTVT 02, this might just be a coincidence with the upgrade.

0 Kudos

hi John

Role is YSFARC0000, which i dont think is a sAP standard role.

So did its not yellow.

So now i need to go to PFCG:

Can you navigate me to go to PFCG to look up the object and check if it has ACTVT 02, this might just be a coincidence with the upgrade.

if it has actvt 02 then what i need to do?

regards

0 Kudos

>

> hi John

> Role is YSFARC0000, which i dont think is a sAP standard role.

> So did its not yellow.

> So now i need to go to PFCG:

> Can you navigate me to go to PFCG to look up the object and check if it has ACTVT 02, this might just be a coincidence with the upgrade.

>

> if it has actvt 02 then what i need to do?

>

>

> regards

PFCG->Authorizations->Change->Find(binoculars)->Enter Object Name->click Find Object

The Activity will be displayed for the authorization object in question.

0 Kudos

Hi Ricky,

This is how you can navigate in PFCG:

Go to PFCG

Enter the role name and click display

Go to the authorization tab and click on the display authorization data option below which will open up the the authorization data maintainence screen

Click on "find" from the menu bar at the top and enter the name of the auth. object and it will navigate you to that object.Then open that object to see the values for the fields which have been maintained there.

Thanks,

Saby..

0 Kudos

Hi Rudra

I have done the same , try to find the object in the pfcg under the role but the result was:

Nothing Found

Edited by: Ricky kayshap on Oct 15, 2008 11:25 AM

0 Kudos

hi John

I did the same to find the object :

I navigated to

pfcg> enter role> Enter display > authorisation tab->Display Authorization data-> and find the object S_TRANSLAT

Result:

Nothing found

Former Member
0 Kudos

Hi,

From the error you have given, I can see that Activity 02 is missing for S_TRANSLAT authorization object. So, to find out what are the roles are affecting, please do the following:

Steps 1:

Go to Transaction SE16 / SE16N

Use table AGR_1251

In the Role field u2013 Type *

In the Object Field u2013 Type S_TRANSLAT

In the field name u2013 ACTVT

In the Value field u2013 Type (Not Equal to) 02

Execute the same and you will get the list of roles are missing with S_TRANSLAT object with activity 02.

Regards

Anandm