Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Issue with authorization objects

Former Member
0 Kudos

Hi,

We are running on ECC 6 . There is an issue while adding t-codes to a role.

When we add a transaction code in the Menu tab, for eg, a Z transaction code, it throws up a whole lot of open authorization objects under the authorization tab (open authorizations under FI, MM, so on). The open values proposed are all the default values in SU24. This happens even if we use the 'Read old status and merge with the new'. Our check indicator maintenance for all t-codes seem to be fine. Pls advise.

Cheers!!

1 ACCEPTED SOLUTION

Former Member
0 Kudos

So where is the question?

8 REPLIES 8

Former Member
0 Kudos

So where is the question?

0 Kudos

>

> So where is the question?

I guessed at "pls advise."

0 Kudos

We should offer a multiple-choice checkbox option for questions like this..

I still don't get it!

Cheers,

Julius

0 Kudos

Hi,

My apologies !! My question is why is it that by adding a 'Z' transaction code does it throw open authorization objects unrelated to it. I did a little research. Pls see my findings below.

As Julius suggested, this is a normal behaviour where the entire t-codes added are evaluated and the relelvant authorization objects are asked to maintain. The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance. Pls correct me if I am wrong. Thanks very much for your time.

Cheers!!

0 Kudos

> The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance.

They are populated again if they were deleted during the earlier maintenance or are in a changed status of the original authorization where new values in SU24 are proposing something different.

That is why you should never delete standard or maintained authorizations and try to avoid the copy & change strategy by maintaining SU24 to meet your needs.

It shounds like SU24 is not as "fine" as you have stated before hand.

Cheers,

Julius

0 Kudos

Thanks Julius !!

jurjen_heeck
Active Contributor
0 Kudos

This is standard behaviour. SAP doesn't consider the one transaction you've added but re-evaluates the whole menu for the role.

Former Member
0 Kudos

Looks to me Yellow trafic light problem where the security administrators have changed the Standard Auth object to CHANGED by modifying it directly instead of :

1. Making a copy of Standard Auth object

2. Making the standard Auth object inactive

3. And then doing the change in the copy of that standard Auth object.