Solved: Need to knw the criticality of authoriztaion obje ...

Former Member · ‎09-01-2009

Hi

Can you pls confirm me giving the authorization for s_user_grp with activity 05 is critical or not if the user is not carrying the authorization for t code su01

regards

Mysterious

Former Member · ‎09-01-2009

Hi,

This auth obj is present both in su01 and su10. If su10, (though su01 is not assigned)is assigned to your user you can perform

what ever activity(5) you have assigned to the auth obj using su10. If both su01 and su10 are not assigned, it would not have

much significance as system cannot pass the auth obj s_tcode (=su01 or su10) at the first place. Hence user would not be

allowed to enter the tcodes at the first place to perform the activity. I feel this is logical too.

The auth obj s_user_grp is for user group maintenance as the name suggests, It has two auth feilds "user group" and "activity"

Also, If in your project all users are grouped into user groups, then assigning activity =5 without specifying user group does not

have any significance as system does not know which user group to act upon.

Hope it is useful.

Regards,

Brahmeshwar

Former Member · ‎09-01-2009

Hi,

This auth obj is present both in su01 and su10. If su10, (though su01 is not assigned)is assigned to your user you can perform

what ever activity(5) you have assigned to the auth obj using su10. If both su01 and su10 are not assigned, it would not have

much significance as system cannot pass the auth obj s_tcode (=su01 or su10) at the first place. Hence user would not be

allowed to enter the tcodes at the first place to perform the activity. I feel this is logical too.

The auth obj s_user_grp is for user group maintenance as the name suggests, It has two auth feilds "user group" and "activity"

Also, If in your project all users are grouped into user groups, then assigning activity =5 without specifying user group does not

have any significance as system does not know which user group to act upon.

Hope it is useful.

Regards,

Brahmeshwar

Former Member · ‎09-01-2009

What about SU01_NAV and BAPI_USER_CHANGE and SWU3 and EWZ5 etc?

If you use this approach you need to be very carefull or be able to trust and log the user for eventualities.

A good idea would be to limit to the user group (e.g. FireFighters...) and ensure all others have a group of sorts assigned.

Error prone, but it can work.

Cheers,

Julius

Edited by: Julius Bussche on Sep 1, 2009 9:44 AM

Former Member · ‎09-02-2009

my concen was there are certain Finance users who ask for this authoriztaion object with actvity as 5 and user group as FICO , though thy are not administartors nor having the authorization of SU01/Su10 ..

so was confused y they need this authoriztaion object .

Former Member · ‎09-02-2009

That's it? All they say is "Gimme 05, mysterious man!"

Surely there must be more information than just that... or is it meant to be a mystery for us as well?

Cheers,

Julius

Former Member · ‎09-01-2009

What exactly is your user trying to do?

Very often auth failures on S_USER_GRP actvt 05 are dummy/false failures. Unless you know exactly what they are doing then you cannot make a call on the importance of this.

sdipanjan · ‎09-01-2009

For endusers, those who doesn't need to perform administrative tasks, you can Deactivate this Object in the roles assigned to them. There will surely be some other Objects like this to them.

Regards,

Dipanjan

Former Member · ‎09-03-2009

Just need to confirm certain FI users always ask for this particular Auhorization object even though they have not been assigned to any t code related to SU01 / Su10 , so just wann knw its criticality

Rrds

Mysterious

Former Member · ‎09-03-2009

FYI: Some of your recent posts have mysteriously disappeared.

Former Member · ‎09-16-2009

thx

Need to knw the criticality of authoriztaion obje S_User_grp