10-14-2008 3:56 PM
Hi Guys
A Problem has come in picture: I ran su53 and it ended with error for some users.
This all has come in picture after we applied SP to SAP System.
Authorisation check failed
Object class BC_C Basis - Developement Environemnt
Authorisation Ojb.S_TransLAT Translation environment ojbect
Authorisation field ACTVT Activity
02
Authorisation filed TLANGUAGE Target Language
E
Authorisation field TRANOBJ Translation : Text type name
Can anyone aware of this error?
Regards
Ricky
Edited by: Ricky kayshap on Oct 14, 2008 4:56 PM
10-14-2008 4:37 PM
Hi Ricky,
The error which you have provided looks like an usual SU53 error that occurs due to missing authorisation in user profile.Could you please ensure that the users who are getting this error is actually not missing the authorisation which the SU53 is throwing up in his/her user profile before we draw an inference that this is due to the SP which has been applied lately.
Thanks,
Saby..
10-14-2008 4:37 PM
Hi Ricky,
The error which you have provided looks like an usual SU53 error that occurs due to missing authorisation in user profile.Could you please ensure that the users who are getting this error is actually not missing the authorisation which the SU53 is throwing up in his/her user profile before we draw an inference that this is due to the SP which has been applied lately.
Thanks,
Saby..
10-14-2008 4:51 PM
This is the exact error i have got:
Authorization check failed
Object Class BC_C Basis - Development Environment
Authorization obj. S_TRANSLAT Translation environment authorization object
Authorization field ACTVT Activity
02
Authorization field TLANGUAGE Target language
E
Authorization field TRANOBJ Translation: Text type name
LONG
User's Authorization Data PASCOAJ
No authorizations available
How can we check what authorizatons are missing in the users profile?
Regards
Ricky
10-14-2008 5:27 PM
Hi Ricky,
You had said earlier that the SU53 had ended with errors for some users.What i wanted to say is that if you could check for those users if they are missing the authorizations as shown in SU53 in their user profile.
For finding out the same.
Go to SUIM
Roles by complex search criteria
In the field "User" give the user name i.e PASCOAJ
Scroll down to the section "Selection according to authorization values"
Enter the name of the auth. obj in the field "Object 1" i.e S_TRANSLAT
Click on the button "Entry Values" and then in the respective fields below enter the values as per the SU53 error that you are getting.
Then Execute.
If the user PASCOAJ has this authorization avaliable in his user profile then the result would display the name of the roles through which he is getting the access or else it will display at the bottom "no data was selected" which would mean that the user does not have this particular authorization.
You will then have to find out the appropriate roles if existing in your landscape with this authorization which can be assigned to the user without any SOD conflicts.
Thanks,
Saby..
10-14-2008 5:48 PM
hi Rudhra
I entered the following details in SUIM navigated to the path you mentioned.
Role: YSFARC0000
User(s): PASCOAJ
Object 1: S_TRANSLA
Activity: 2
Target Language: E
Traqnslation : Text Type name: LONG
Result: No Data wa selected
so It mean that user doesnt have the authorization, as you said.
Now how can i found the appropriate roles for this authorization.
regards
10-14-2008 7:35 PM
Hi Ricky,
I had not mentioned to put anything in the Role field of the Roles by complex search criteria option earlier.
Q.Now how can i found the appropriate roles for this authorization?
For finding out if any roles exists in your system with this authorization do the following:
Repeat the same steps as i had asked you to earlier i.e in SUIM but this time do not enter the user name i.e PASCOAJ in the user field
Then execute.
By doing this, you will get a list of roles i.e SAP & customized provided if any roles exists in the system with the specified authorization.
From there, you will have to choose one which you think would be appropriate to assign to the user.
Thanks,
Saby..
10-15-2008 8:55 AM
Hi Ricky,
are you sure, that the user really needs s_transalt with ACTVT=02??
this is also checked, if the user displays the longtext of the error message he got after the authorization error occurred, so it might have nothin to do with the authorization error, which lead to problem in the transaction.
It is advisable to use ST01 instead of SU53 to analyze missing authorizations, as SU53 only displays the last faild check only!
b.rgds, Bernhard
10-15-2008 10:33 AM
Hi Bernhard
are you sure, that the user really needs s_transalt with ACTVT=02??
Ans: I am not really sure because i have a very little knowledge in Security, but since authorissaton check is failing so i believe this must be required.
May i know what these three errors 2, E, LONG do really mean??
Thank you
Ricky
10-15-2008 11:15 AM
Hi Ricky,
ACTVT=02 means 'change'
TLANGUAGE =E means Target Language of translation=english
TRANOBJ =LONG means Text type for tranlsation=longtexts (longtexts to be translated).
If you have the problem not in amaintenance transaction for texts, I am pretty sure, that this result of SU53 has nothing to do with the problem the user has.
Please run ST01(authorization trace) to find out what really the problem is....
b.rgds,
Bernhard
10-15-2008 11:42 AM
Hi,
I think you should go back to the beginning again. Ask your user what transaction he performs and go as far as the problem lets him go. Ask him then to perform transaction su53. You yourself can take this over in su53 see the button left on top and see what realy is going on. When I look into su24 with the authorization object you find not much transactions that will generate this object in PFCG. You can write them down and try to find out via SUIM if one of these transactions are in the role of that user. I think that the problem is something else. Su56 for the user gives you a lot of information what he realy has for authorizations.
Have fun.
Bye Jan van Roest
10-15-2008 2:07 PM
Hi,
I just had the same su53 as you showed us. It was because I was not permitted to run SE16 and I clicked on the authorization message. So go to your user and ask him to run the transaction again and immediately after the authorization failure transaction su53, then you will realy find out what is the problem.
Have fun
Bye Jan van Roest
10-15-2008 3:43 PM
>
> Hi,
>
> I think you should go back to the beginning again. Ask your user what transaction he performs and go as far as the problem lets him go. >
> Have fun.
> Bye Jan van Roest
Agree but run ST01 and turn on trace. Let us know the Tcode in question and we'll be able to shed some more light on the error.
10-15-2008 3:46 PM
Hi guys
i have turned the authorisation trace to on in both qas, and production box.
10-14-2008 5:29 PM
>
> Hi Guys
> A Problem has come in picture: I ran su53 and it ended with error for some users.
> This all has come in picture after we applied SP to SAP System.
>
> Authorisation check failed
> Object class BC_C Basis - Developement Environemnt
> Authorisation Ojb.S_TransLAT Translation environment ojbect
> Authorisation field ACTVT Activity
> 02
> Authorisation filed TLANGUAGE Target Language
> E
> Authorisation field TRANOBJ Translation : Text type name
>
> Can anyone aware of this error?
>
> Regards
> Ricky
>
> Edited by: Ricky kayshap on Oct 14, 2008 4:56 PM
If you are using SAP delivered roles, most likely the authorization tab is yellow after the upgrade and you need to regenerate. If not, go to PFCG look up the object and check if it has ACTVT 02, this might just be a coincidence with the upgrade.
10-14-2008 5:53 PM
hi John
Role is YSFARC0000, which i dont think is a sAP standard role.
So did its not yellow.
So now i need to go to PFCG:
Can you navigate me to go to PFCG to look up the object and check if it has ACTVT 02, this might just be a coincidence with the upgrade.
if it has actvt 02 then what i need to do?
regards
10-14-2008 6:59 PM
>
> hi John
> Role is YSFARC0000, which i dont think is a sAP standard role.
> So did its not yellow.
> So now i need to go to PFCG:
> Can you navigate me to go to PFCG to look up the object and check if it has ACTVT 02, this might just be a coincidence with the upgrade.
>
> if it has actvt 02 then what i need to do?
>
>
> regards
PFCG->Authorizations->Change->Find(binoculars)->Enter Object Name->click Find Object
The Activity will be displayed for the authorization object in question.
10-14-2008 7:38 PM
Hi Ricky,
This is how you can navigate in PFCG:
Go to PFCG
Enter the role name and click display
Go to the authorization tab and click on the display authorization data option below which will open up the the authorization data maintainence screen
Click on "find" from the menu bar at the top and enter the name of the auth. object and it will navigate you to that object.Then open that object to see the values for the fields which have been maintained there.
Thanks,
Saby..
10-15-2008 10:25 AM
Hi Rudra
I have done the same , try to find the object in the pfcg under the role but the result was:
Nothing Found
Edited by: Ricky kayshap on Oct 15, 2008 11:25 AM
10-15-2008 10:29 AM
hi John
I did the same to find the object :
I navigated to
pfcg> enter role> Enter display > authorisation tab->Display Authorization data-> and find the object S_TRANSLAT
Result:
Nothing found
10-15-2008 9:34 AM
Hi,
From the error you have given, I can see that Activity 02 is missing for S_TRANSLAT authorization object. So, to find out what are the roles are affecting, please do the following:
Steps 1:
Go to Transaction SE16 / SE16N
Use table AGR_1251
In the Role field u2013 Type *
In the Object Field u2013 Type S_TRANSLAT
In the field name u2013 ACTVT
In the Value field u2013 Type (Not Equal to) 02
Execute the same and you will get the list of roles are missing with S_TRANSLAT object with activity 02.
Regards
Anandm