cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

tcode authorization not working

Former Member

on ‎05-13-2009 9:38 AM

0 Kudos

hi all....

i am facing an issue where a tcode needs to be removed from a user's authorization list.

i have removed the tcode from the required role and double checked that no other role that is assigned to the user contains that tcode.

the user is still able to access that transaction.

i also checked with tcode suim and searched with tcode and found that only 1role exists with that tcode and the users name is not listed there..

plz advice as to what else can be checked

Regards

Arvind Kumar

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎05-14-2009 9:24 AM
0 Kudos

Hi,

Also check the user buffer (TXN su56) and check the object S_TCODE and its values. You can get the profile/role name from which the user is able to access the transaction.

Regards,

Gowrinadh

Show replies
Show replies
Former Member
‎05-14-2009 9:36 AM
0 Kudos

Hi,

Probably the authorization object still exsists for that tcode in any of the role.

Regards,

Vamshi.

Former Member
‎05-13-2009 9:48 AM
0 Kudos

Hi Arvind,

Have you logged off & logged in again after changing the role/profile for the user?

If not, please do so and then check the result. Also, ensure that you have performed a User comparision in PFCG (user tab) for the role in question here.

If the problem still persists, please check whether you have assigned some standard profile to the user (eg SAP_ALL or similar profile) which may be giving the authorization to the user.

If the problem still persists, please use ST01 to trace the authorization for the user. Goto ST01, enable the authorization trace for the selected user, and then ask user to perform the activities again with the trace enabled.

Regards,

Anchit Khar.

SAP NetWeaver Consultant.

Show replies
Show replies
JPReyes
Active Contributor
‎05-13-2009 9:41 AM
0 Kudos

Do an authorization trace via ST01 and analize to see what authorization objects are giving him the ability to use that transaction.

Regards

Juan

Show replies
Show replies
Former Member
‎05-13-2009 9:44 AM
0 Kudos

thanks for the quick response..

i am not very familier with st01...can u plz explain how to go about it..?

former_member187565
Active Contributor
‎05-13-2009 9:48 AM
0 Kudos

Hi

> 

> thanks for the quick response..
> i am not very familier with st01...can u plz explain how to go about it..?

Go to transaction ST01 and select "Authorization Check" under Trace Components and click on "Trace On."

Ask the user to execute the transaction.

Once the user either complets the transaction or encounters the error message, go back to St01 and click on "Trace Off"

Then, click on "Analysis"

Replace the User name with the userid of the user who executed the transaction and select the appropriate range of dates and then click on the execute button.

This will show you all the authorization checks that was encountered by the user.

JPReyes
Active Contributor
‎05-13-2009 9:53 AM
0 Kudos

tick "authorization check", then click on general filters and put the name of the user under "trace for user only", following that start the trace by clicking TRACE ON. This is where you ask the traced user to open the transaction that he shouldn't have authorization for.... when he's finished click on TRACE OFF and then Analysis... you should find the list of all the authorization objects that he used, one of them should tell you the reason hes able to use it.

Most likely on of the roles he uses has the transaction added to S_TCODE

Regards

Juan

Ask a Question