12-16-2009 12:40 PM
HI,
I have one general question. One user is a trying one T-code, and he is getting the error message as you are not authorized, then he is sending SU53 Screen shot for the same. Then it shows one T-code.
But when we check the user access the user has access to the T-code, then what could be the issue? how to fix this?
Plese explain me.
12-16-2009 1:18 PM
Hello,
you should check the object that should grant authorization to the user to the mentioned TCODE (role or profile): if the TCODE is contained in a role and the user is assigned to that role, you should check if the authorization profile for that role is generated correctly (tab "Authorization" in transaction PFCG), or if the user is correctly assigned to the role (tab "User" in transaction PFCG --> check the validity date of the assignment). Then you should also check if the authorization object S_TCODE contains the transaction you are having issue with.
On top of that, if the role containing the transaction was modified and generatedd while the user was logged, he could have lost authorizations until the next log-on.
Hope to be useful.
Best regards,
Andrea
12-16-2009 1:14 PM
> I have one general question. One user is a trying one T-code, and he is getting the error message as you are not authorized, then he is sending SU53 Screen shot for the same. Then it shows one T-code.
It shows a failed authorization check on the S_TCODE object with the actual transaction in the TCD field?
> But when we check the user access the user has access to the T-code, then what could be the issue?
In which way did you establish that the user does have acces to this transaction?
What version and Sp level are you on?
12-16-2009 1:18 PM
Hello,
you should check the object that should grant authorization to the user to the mentioned TCODE (role or profile): if the TCODE is contained in a role and the user is assigned to that role, you should check if the authorization profile for that role is generated correctly (tab "Authorization" in transaction PFCG), or if the user is correctly assigned to the role (tab "User" in transaction PFCG --> check the validity date of the assignment). Then you should also check if the authorization object S_TCODE contains the transaction you are having issue with.
On top of that, if the role containing the transaction was modified and generatedd while the user was logged, he could have lost authorizations until the next log-on.
Hope to be useful.
Best regards,
Andrea
12-17-2009 3:35 AM
Hi,
kindly recheck again using transaction SUIM > transaction > executable for user
compare this result by checking each role attached to the user. beside checking authorization and user tab as previously explained by abrusa, you also have to check on menu tab, user search button to find the tcode causing error, is the tcode exist there ? afaik, (tcode) entry on S_TCODE is not sufficient for granting a user access to that tcode, you should keep permissible tcode here ("menu" tab)
hope it help you,
rgds,
Alfonsus Guritno
12-17-2009 7:10 AM
Check the users role which is granting him access. Is the user comparison for that role already done. If not do the user comparison.
If not check the SU56 buffer for the user, check if that Tcode is not there. If its not theres an option to reset his authorization buffer from there. Maybe that will help here.
Regards,
CP
12-17-2009 7:22 AM
If nothing helps, run an authorization trace on the user Id(ST01) and check what authorization are missing and then analyze it further.
Also what is the Tcode which user is trying to access??
12-17-2009 1:08 PM
Hi,
Generate that role again in SUPC and do user comparison in PFCG then you can check with user !
12-17-2009 2:23 PM
Pavitra,
As understood your user is assigned wit the tcode but still he is unable to eecute the transaction.
Problem could be that while executing a tcode there would be many auth objects which are being checked by system you can get the list of auth objs being checked using ST01 trace. It can happen that though tocde is assigned to user he/she cannot run it successfully as few of necessary auth objs needed to start this tcode are not present in the tcode or may be having incorrect auth field values.
In doubt, use ST01 and see what all objects are being checked for your tcode. check the return odes in trace and act accordingly. IT is a good pratice to rely on ST01 to get a better picture than compared to su53.
Regards,
Brahmeshwar
12-17-2009 5:12 PM
Most likely the message is that You are not authorized to use tcode & ...
Use the tcode, not start the tcode...!
Cheers,
Julius