Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Users not able to access the Any transaction

Former Member

‎02-18-2009 6:34 AM

0 Kudos

Hello All.

I am facing a problem wherein ,I am unable to execute many SAP Security tx such as su01, suim,scul

su10.etc .I get a mesg "You are not authorized to use su01" and so on...

Note :System in which I have logged in is CUA.

I then checked all role assigned and found I have all roles which provide access to these trasaction in CUA. Strange!

I then validity date of roles.They have not expired.

Then I tried to run each of trasaction through user menu..

When I click onto the Tx in menu ,I am getting mesg as

"Destination D08CLNT200 is not defined as a "trusted system" -> Long text "

Note:D08 is child system linked to CUA.

Please let me know. What is preventing me from executing transactions even when I have all the roles assigned?

Thankyou,

Ajit

2 REPLIES 2

Former Member

‎02-18-2009 8:20 AM

0 Kudos

> Note:D08 is child system linked to CUA.

>Destination D08CLNT200 is not defined as a "trusted system" -> Long text

This means there is mostlikely a RFC poroblem with the system D08CLNT200. There seems to be a problem in the RFC config, as this is noe set up as a trusted system.

Regards,

Chinmaya

Former Member

‎02-18-2009 8:43 AM

0 Kudos

It appears that your role has a remote enabled menu. This means that the user clicks on the role in system A but the transaction is executed in system B.

Most likely this was something which was done while developing the role but then transported with the setting. You can see this on the menu tab of the role in PFCG. There will be an entry in a field called "RFC Destination" (or similar) where D08CLNT200 is defined.

This would also explain the message displayed: The RFC connection with the same name is in your system as well, but the user saved in the RFC connection does not have the authority for object S_RFCACL to start the transaction on your behalf. That is why this is a very critical authorization object, and it is (by default) not even included in SAP_ALL...

Deleting the destination setting in PFCG in the development source system and transporting again would be the correct approach. You should perhaps do a check whether there are any other roles with the same and whether this feature is intended at all. If I remember correctly, there is even a PRGN_CUST setting where you can block it if you wish to...

Cheers,

Julius