- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Authorization issue in a role
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Authorization issue in a role
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2009 6:30 AM
Hi Everyone,
Theres a role in which user is not able to access tcode SE11, i asked him to run SU53. Su53 says to add the TCODE SE11 in the authorization field TCD in Authorization object S_TCODE. I did that but still the user is nlot able to execute the tcode.
Thanks in advance.
Avneesh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2009 1:37 PM
Hi,
To chk for if user has tcode assigned to him or not.
Goto SUIM ->User by complex selection>transaction auth>give se11> execute.
You will get list of users who ve access to tcode se11.
if u dont find the user then assign a Role which contains tcode Se11 to that user.
The Procedure is
Go to PGFC->paste the role XXX---->Select Menu(tab)
Opt for Transaction option>clickon Role>Add Tcode .
After adding Tcode --->Save & Generate(Red button).
Then click on Users(tab) -> u will find Compare users option> clickon it to complete the process.
Plz chk if User option is Red.Here User comparision is important .
Thanks
Ramakrishna.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2009 12:57 PM
Hi Avneesh,
You have to add the transaction in PFCG at menu area. Because adding directly a Tcode under Auth. Object will not add the Auth. Object of tcode into profile.
So add the Tcode at Menu area by following below steps.
Execute PFCG -> Give the Role Name -> Click on Change option -> Click on Menu -> Click on Transaction
Add the Tcode SE11 and confirm by clicking on Assign Transaction.
Click on Authorisation Tab ->Click on Change button.
This will add all the auth. object. now generate the profile and ask user to check.
Thanks
Lokendra
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2009 11:10 AM
Once you add any t-codes in the menu.
it will update in the authorization object S_TCODE and few more auth objects will be added.
Before you generate the profile of that particular you have to make those auth objects to green and then generate the profile.
if you done all these, please switch on the trace in ST01 and ask the enduser to login again and execute the t-code and once the enduser face the authorization check failed, please switch off the trace and look into the log details,.
There you will get information about the authoirzation and the access.
Hope this will help you.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2009 12:25 PM
Hi,
It seems that trx: SE11 is already in the role but the user is not able to access the transaction inspite of having the role. If this is the issue, please check if the transaction is available in the user buffer. SUIM --> Transactions --> Executable for user . If the transaction is not available here, then the profile for the role needs to be re-generated through PFCG.
--Dipesh.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2009 1:37 PM
Hi,
To chk for if user has tcode assigned to him or not.
Goto SUIM ->User by complex selection>transaction auth>give se11> execute.
You will get list of users who ve access to tcode se11.
if u dont find the user then assign a Role which contains tcode Se11 to that user.
The Procedure is
Go to PGFC->paste the role XXX---->Select Menu(tab)
Opt for Transaction option>clickon Role>Add Tcode .
After adding Tcode --->Save & Generate(Red button).
Then click on Users(tab) -> u will find Compare users option> clickon it to complete the process.
Plz chk if User option is Red.Here User comparision is important .
Thanks
Ramakrishna.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-05-2009 10:26 AM
Hi Avneesh
Please check that is user able to access SE11 ransaction after doing user comparison then it is OK. Other wise please follow next method :
1. Go to ST01 and make the general settings for the user with selection authorization check
2. After saving the settings , activate traces.
3. Ask user to perform same activities and then off traces.
4. Go to Analysis button and try to see the traces for that particular user.
5. In the trace file please check the authorization objects against which user is facing RC =4 or RC = 12 . Please add those authorization objects in the role .
Hopefully , it will resolve the issue.
Thanks
SAPSAVVY
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-05-2009 11:33 AM
> 5. In the trace file please check the authorization objects against which user is facing RC =4 or RC = 12 . Please add those authorization objects in the role .
I love authorization administrators who blindly follow such advice. As a user I will keep pushing buttons as long as the trace is running
Please make sure only to add the relevant objects. Best sit with the user as he/she is going through the process to make sure he/she doesn't try other things to get a wider access.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2009 3:20 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2009 4:47 PM
Please close this thread if it has been answered multiple times already...
- SAP Managed Tags:
- Security
