- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- User Buffer not refreshed after User Comparison
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
User Buffer not refreshed after User Comparison
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2008 5:27 PM
Hello,
I faced a strange situation where User Buffer not refreshed after User Comparison.
The way I figured it out is :
1. created a role, with authorization to search "complaints" in tcode CRMD_ORDER
2. assigned the role to a user.
3. did user comparison.
4. for the first time the user logs into the system he is able to search based on "complaints"
5. went to the same role and changed authorizations : deactivated CRM_CMP.
6 did user comparison.
7. the user is still able to search based on "complaints"
user buffer show new authorizations assigned to him. i.e., CRM_CMP authorization object is deactivated.
we went on to PFUD , and did user comparison. still the same result
we are on CRM 2007. why is this strange behavior?
Thanks in advance
VJ
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2008 10:46 AM
I think the "logon and logoff" approach is well taken care of now... but if the system does not know that something has changed in the user's authorizations, then a corrupted user buffer will not be reset.
There are several ways of doing this. Most common are:
- Run report RSUSR405 or use the function module in it.
- Save a different role once, then remove it again.
- In any screen of SU01, type "RSET" into the ok-code field and hit enter.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2008 4:50 AM
Hi,
Did the user log off and log back in after the user comparison was done?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2008 8:18 AM
Silly question from my side, but did you generate the role before assigning it? Or, if the role already existed, did you manually delete the old profile before generating a new one? Otherwise, it may be resolved by the user logging off and back on again, as suggested above... some times, buffers do not update instantly.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2008 10:27 AM
Hi,
Just ask the user to log off & then do the user comparison, then ask the user to log in & check
Thanks
Siddhartha
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2008 10:44 AM
Hi,
Please follow the following steps
Do the user comparision.
Generate role if not generated
Do check access for user through SUIM reports.
Check how many profiles are assigned to users.
As there is maximum I think (312) profiles we can assign to user.
If profile problem then reduce the no. of profile by restructuring the roles.
Let me know still u are facing problem.
Regards,
Digambar
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-15-2008 10:46 AM
I think the "logon and logoff" approach is well taken care of now... but if the system does not know that something has changed in the user's authorizations, then a corrupted user buffer will not be reset.
There are several ways of doing this. Most common are:
- Run report RSUSR405 or use the function module in it.
- Save a different role once, then remove it again.
- In any screen of SU01, type "RSET" into the ok-code field and hit enter.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2008 9:11 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2008 9:22 PM
So did it go away of it's own accord, or did a way work to reset the problem?
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2008 11:44 PM
Hello,
The issue is still there. We are trying to figure out the problem.
The changed role is assigned to new test user , then the new user is not able to see the list.
SAY:
1. role with auth obj, CRM_CMP is generated and given to user 'A' for the 1st time
2. User 'A' is able to see the list of complaints via CRMD_ORDER -> SEARCH ON COMPLAINTS. user 'A' log out of the system
3.now in the role obj CRM_CMP is deactivated. regenerated, user comparison is done. Given to user 'A'
4. user 'A' log in to the system, still able to see the list of complaints, if he selects the option "ALL" in the text box opposite to FIND.
5. if the enhanced role is given to a new user 'B' , he is not able to look into the list of complaints which user 'A' is able to.
Any suggestion...
Thanks,
VJ
Edited by: sapsec vj on Dec 17, 2008 5:47 PM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2008 12:19 AM
> 5. if the enhanced role is given to a new user 'B' , he is not able to look into the list of complaints which user 'A' is able to.
The only thing I am able to comment further about is that there are special cases for cross-component concepts where adding access (e.g. a role) will restrict the access in another of the same user.
These are either optional concepts (or ugly concepts if activated but not understood).
I have no idea whether this is the case in your CRM_ORDER application, but it sounds suspect of this.
Cheers,
Julius
- SAP Managed Tags:
- Security
