Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error message despite similar role assignments (renamed)

Go to solution
sbmrafikul2
Participant

‎11-17-2009 7:17 AM

0 Kudos

Hi Experts,

I create two users in our system with the same role.But now one user is not able to run a report while the other user is able to run that report.The user who is not able to run the report says that "no authorization "message.Again it shows missing authorization while running SU53.

Now my doubt is that why i got that message for one user only,since both the user have the same authorization.Even i compare both the user but could not find any difference.

Your valuable comments on this topic will be highly appreciable.Thanks

Regards,

Jituda

Edited by: Julius Bussche on Nov 17, 2009 9:49 AM

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎11-17-2009 9:21 AM

0 Kudos

Hi Jituda,

The possible reasons could be:

- Activity groups have been maintained since you last logged on to the System. To display the new authorizations, log off from the system and then log on again

- The user buffer is too small. Maintain the following R/3 profile parameter: auth/auth_ number_ in_ userbuffer

You can check the authorizations contained in user buffer in SU56 and compare for both the users.

Hope it helps

Good Luck

Rasheed

12 REPLIES 12

Go to solution
jurjen_heeck
Active Contributor

‎11-17-2009 7:20 AM

0 Kudos

1- Run transaction PFUD for both users' roles.

2- Have a look ath the users' parameters.

And please choose a better post subject next time.

Go to solution
sbmrafikul2
Participant
In response to jurjen_heeck

‎11-18-2009 4:35 AM

0 Kudos

Hi

> 1- Run transaction PFUD for both users' roles.

Yes,i did the reconciliation with the help of PFUD,but still got the same error message.

> 2- Have a look ath the users' parameters.

I already checked.Both the user have the same parameters.

> And please choose a better post subject next time.

Apologies for that.Next time i will use a appropriate subject for my queries.

Kind regards,

Jituda

Go to solution
Former Member

‎11-17-2009 7:30 AM

0 Kudos

Hi

Might be user having buffer problem also(authorizations not loaded fully into SU56 buffer), tell him to logoff and login again

Once he login into the system imeediately check SU56 from your side for the requried auth object is loaded or not

Regards

Hari

Go to solution
sbmrafikul2
Participant
In response to Former Member

‎11-18-2009 4:39 AM

0 Kudos

Hi

> Might be user having buffer problem also(authorizations not loaded fully into SU56 buffer), tell him to logoff and login again

> Once he login into the system imeediately check SU56 from your side for the requried auth object is loaded or not

Thanks.But when i checked the tcode su56 both have same authorization.

Kind regards,

Jituda

Go to solution
Former Member
In response to Former Member

‎11-18-2009 4:44 AM

0 Kudos

Jituda,

how about answering the Julius question..."Which report we are talking about here ? "

If it not standard, then Julius might be bang on target ...

Cheers !!

Zaheer

Go to solution
Former Member

‎11-17-2009 8:50 AM

0 Kudos

What is the name of the report?

Go to solution
sbmrafikul2
Participant
In response to Former Member

‎11-18-2009 5:03 AM

0 Kudos

Hi,

> What is the name of the report?

The report is not a custom one (Z*).Its a standard report(miro).

Kind Regards,

Jituda

Go to solution
Former Member

‎11-17-2009 9:21 AM

0 Kudos

Hi Jituda,

The possible reasons could be:

- Activity groups have been maintained since you last logged on to the System. To display the new authorizations, log off from the system and then log on again

- The user buffer is too small. Maintain the following R/3 profile parameter: auth/auth_ number_ in_ userbuffer

You can check the authorizations contained in user buffer in SU56 and compare for both the users.

Hope it helps

Good Luck

Rasheed

Go to solution
Former Member
In response to Former Member

‎11-17-2009 8:35 PM

0 Kudos

> 

> auth/auth_ number_ in_ userbuffer
>

May I ask which release you are on and why it should apply here? The parameter has been obsolete for some time now.

More likely in my opinion is that "a report" is a custom one (Z*) and some developer who did not have a functioning authorization concept to feel confident about and /or was too lazy to create roles or find another suitable set of them to re-use for an application object check which the functional consultant possibly did not understand either... decided to create a check table with user names, program names, possibly even some activities and org.levels in it if it is wrapped in a function module... and then uses this blunt tool to raise a "You are not authorized" message.

What they should actually have stated is, 'Please call user & on & for their password' ... because you are logged on with the wrong ID, and then maintained the address data in the table as well for completeness....

However such tables seldom have foreign keys, because they are maintained with SE16 in production.

If this is not the case here, then I will eat my hat...

You can find this in a code scan, or a where-used-list on data elements XUBNAME and UNAME (they should at least have used that as standard, if nothing else).

All round bad idea which seems smart at the time to those who don't stick around for long enough to survive an upgrade and some org changes!

Cheers,

Julius

Go to solution
sbmrafikul2
Participant
In response to Former Member

‎11-18-2009 4:51 AM

0 Kudos

Hi

> More likely in my opinion is that "a report" is a custom one (Z*) and some developer who did not have a functioning authorization concept to feel confident about and /or was too lazy to create roles or find another suitable set of them to re-use for an application object check which the functional consultant possibly did not understand either... decided to create a check table with user names, program names, possibly even some activities and org.levels in it if it is wrapped in a function module... and then uses this blunt tool to raise a "You are not authorized" message.

Thanks a lot.Great information.Let me check with the functional consultant regarding my concern.

One query:-When i assigned a role namely "z_dd"to a user say"xxx" then i do the user comparision for that role.Is this user comparision is different from reconciliation,which you suggest me with the help of tcode PFUD

Kind Regards,

Jituda

Go to solution
Former Member
In response to Former Member

‎11-18-2009 7:37 AM

0 Kudos

When the user gets with message, please check System -> Status for the name of the GUI Screen / Dynpro program. Is it Z*?

Alternately, in the popup you can look at the technical information of the message number and navigate into the code to see where it is coming from.

Just because the user starts transaction MIR0 does not mean that there isn't Z* code in it somewhere (customer exits, badis, enhancement points, modifications).

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎12-10-2009 9:15 PM

0 Kudos

>If this is not the case here, then I will eat my hat...

Bingo?