04-20-2009 4:06 PM
Dear All,
Recently we were asked to assign VL01n T-code to a user. We have created a role and added the t-code and assigned to the user.By default there is only one auth. object comes with the tcode ie:(V_LIKP_VST) at the time when we have assigned the t-code to the user.
The user come back saying authobject missing with su53 screenshot showing the requirement of the auth. object (M_MSEG_BWA) . We added this auth. object to the role but user is still facing auth issue (auth object missing).
Now how we can understand what are the necessary authorisation object required for the t-code VL01N to run and support the std.scenarios. We have checked through su24 and found the auth. object required, but as a basis person i feel that adding all the auth object through su24 is not the correct option and its a tedious job to do also . Is there anyother workaround for this or how we can do this.
Thanks
Tom
04-20-2009 4:21 PM
Hello Tom,
You are right for VL01N the system should have proposed the object M_MSEG_BWA (Goods Movements: Movement Type ) during role maintenance. The standard SAP SU24 setting for this tcode should have had check/maintain as setting.
But, There would be not many standard tcodes which would have such inappropriate indicator settings in SU24 and I therefore disagree that it would be a tedious task maintaining the setttings.
Regards,
Subbu
04-20-2009 4:21 PM
Hello Tom,
You are right for VL01N the system should have proposed the object M_MSEG_BWA (Goods Movements: Movement Type ) during role maintenance. The standard SAP SU24 setting for this tcode should have had check/maintain as setting.
But, There would be not many standard tcodes which would have such inappropriate indicator settings in SU24 and I therefore disagree that it would be a tedious task maintaining the setttings.
Regards,
Subbu
04-20-2009 5:26 PM
Hi,
Thanks lot for the reply.
I have few things to clear,
1. In su24 of VL01N I can see around 43 authorisation object .
a). Is it required to add all the 43 auth. object to my role inorder to work all the scenario of the VL01N tcode ? or not or any other way out?
b).
Status Object Object description Checkind proposal
Maintained M_MSEG_BWA Goods Movements: Movement Type Check NO
Here I would like to understand what is the proposal means? As I can see only one thing below with the proposal yes for obj V_LIKP_VST
Maintained V_LIKP_VST Delivery: Authorization for Shipping Points Check YS
By default when we add tcode vl01n only this object V_LIKP_VST alone is present in the role.
Thanks
-Tom
04-20-2009 8:27 PM
It depends on the transaction code.
Do not add all 43....!
Accept the proposals, as they the intended objects for the transaction.
It might be that the transaction is a peripheral transaction to other entry points (for which some other transaction or service or RFC is bringing in the required "base check" authority.
If you want to change the proposals, change them in SU24 after considering whether your choice of transaction (on it's own) is the correct one.
Just because a transaction checks something or SU24 proposes it, does not mean that it needs it to be used correctly by the user.
Cheers,
Julius
04-21-2009 5:46 AM
Hi ,
Good day..
Thanks for the reply.
We have not added the all 43 auth. object. Now the customer is coming back again that he is not having authoisation for tcode VL01N and sending us the SU53 screen shot and we are giving that particular auth. object.
Now the customer is complaining that he did not get the exact authorisation. So the management is asking us to find or give what are all the auth object necessary for VL01N t-code to support the std. scenarios. As a Basis i am facing problem to identify the required necessary to be added with the T-code VL01N.
Or how we have to do this. Or is this can be solved only by getting the su53 screen shot from the customer/function consultant whenever they run the t-code?
Best Regards
Tom
Edited by: Tom on Apr 21, 2009 3:00 AM
04-21-2009 8:30 AM
I have a suggestion but this is not a answer we can consider this as a hint.
VL01n is SD (SAP Module) T-Code purpose is delivery creation is SD Activities while creating delivery it own ask other objects V_LIKP_VST this is enough.
While doing PGI ,PGI is included MM Activity also, so while doing PGI it will call MM related objects under mention dependents on the process.
M_BEST_EKO
M_MSEG_BWA
M_MSEG_WWA
Other objects like ABAP,BAIS,FI no need to provide if we are not provided above mention objects with proper activity and values it will call other module objects like ABAP or BASIS objects while taking SU53 dump.
So we have consider the full process of that particular T-code. if that process is related to other modules also and user doesnu2019t have that particular other module authorization the it will call those objects in background.
04-21-2009 9:00 AM
SU53 only gives you the last failed authority-check, which is not necessarily the correct one to give and will with almost certainty mislead you for building authorizations for a whole transaction or role.
Activate an ST01 trace on an application server and request that the user perform the tasks they need to do in VL01N on that same app server. Then analyze the trace and add the objects with prososals to SU24 if that is what you want to do.
Cheers,
Julius