03-19-2010 11:42 PM
Friends,
Role with the ZFITIC_P2P tcode has been assigned to user.
But still user is getting the error message : " No authorization to exucute ZFITIC_P2P Transaction code"
Action Taken :
Run PFUD job again.
Refresh the user's buffer.
Ran the User Compar for the Role also.
Still if I go to SUIM ->> Transactions -> Executable by User -> List of T codes does not show ZFTIC_P2P Transaction.
Any suggestions...
Thanks,
Pranav
03-20-2010 2:50 AM
Are you sure that the role contains authorization S_TCODE for your transaction?
Cheers
Remove false statement. Edited by: Martin Voros on Mar 20, 2010 4:01 AM
03-20-2010 3:01 AM
Hi Pranav,
Running a trace(ST01) or analyzing the SU53 screen shot will help you to trouble shoot this. Please search this forum on how to troubleshoot authorization issues and I am sure you will get lot of information.
03-20-2010 3:04 AM
>
> Still if I go to SUIM ->> Transactions -> Executable by User -> List of T codes does not show ZFTIC_P2P Transaction.
>
> Any suggestions...
>
If this last point is not showing the TCode for the user id to be executed then the TCode is no more available for that user from any of the roles assigned to the user. Else, it may happen the Transport carrying this TCode has been overwritten by another transport which is containing some change and these Transports were not imported with proper order. This need to be checked in the system. Will get back to with the result after I see them in the system.
regards,
Dipanjan
03-20-2010 4:00 AM
Hi Pranav,
I agree with Dipanjan. Better to check role authorization data and also search role having this t.code and then compare with user authorization roles.
Go for object serach S_TCODE manually as well apart from menu search with and without assignment of user and also check for particular user facing the issue.
03-20-2010 4:54 AM
As other said, and your SUIM report where u cannot see it under tcodes excutable for user..
could you please check tcode excutable for the particular role you assigned to user..
seems its not there in role.
Thanks,
Prasant K Paichha
03-20-2010 1:31 PM
Yes the I checked the T code for Role in AGR_1251
It is not showing up in the Role.
From
PT.
03-20-2010 2:09 PM
Hi,
There are several possibilities why a user is not able to run the transaction that he is authorized for. Look in the user and the role tab, has the role a green light. It can be that the role was edited at the time that you synchronized the users, perhaps the user has to many profiles(roles). You can look in transaction su56 and change it to the user with problem and authorization s_tcode. Look into the values what you are allowed to, it can be very helpfull. For the rest you have had already a lot of suggestions.
Have fun
Bye Jan van Roest
03-20-2010 7:56 AM
Take a look in SE93 for an additional authorization check at t-code start.
This was the precursor to the S_TCODE check to execute the transaction. Many transactions have a "plausibility" object and mild activity check in them, otherwise you have no reason to proceed further anyway. Some old ones even have the S_TCODE itself still in it.
However you do not need to know that to be able to do a basic trace or SU53 as stated by the others.
Cheers,
Julius
03-20-2010 1:27 PM
Thanks Julius for your note.
The t code is not showing up in the S_TCODE, however I do see in Menu tab.
The Menu tab and Auth Tab is showing up green light.
Dipanjan,
The transports were moved in the right order in PRD.
The AGR_1251 is not showing any value for the S_TCODE as well.
Thanks,
PT.
03-20-2010 8:20 PM
In addition to the transport order where the single role might be in a different composite, you should consider that changing the menu after having previously created a transport request will not add the new generated profile data to the TP request at the time when you release the transport - but it will add the menu items.
Please take a read through this thread:
Did you make any further changes before releasing the transports?
It is best to only create a transport when you are ready and release them without delay to to tested. If you are brave then you can regenerate in the target system, but you should ensure that your SU24 data is identical and the role was intact: only "old" authorizations and nothing new was introduced or deleted.
Cheers,
Julius
03-21-2010 2:01 AM
Did you check the Transport number which is containing the Custom Tcode has been successfully imported into the target system or not? If this is done properly then, please check Transport containing the role(s) with this TCode are imported into the target system or not. This should have been done in the order as stated.
I presume the Transport containing the TCode has not been inported into the target system or may be with error.
Please check with the basis team and developer with the transport number. You can search for the Transport containing this Tcode from the table E071. Then check the contents of the transport (in SE10) in both target as well as dev system.
Regards,
Dipanjan
03-22-2010 12:19 PM
Yes Transports were moved to PRD in the order that were provided to us.
From
PT.
03-22-2010 12:48 PM
Hi,
Ask user to run SU53 and it will give you the authorizations missing.
Sometimes the tcode is assigned to user via role but due to missing authorization value he is not able to execute the tcode.<Personal experience - was mad about this>
Warm Regards,
Rajesh
03-22-2010 1:31 PM
Hi Pranav,
I had similar experience once. I found that Authorization Object S_TCODE was not taking any additional T codes that were being added in the menu, but it was there in the menu. You can do this:
1. Add Authorization Object S_TCODE manually in the authorization data
2. Add that particular T code in that newly added S_TCODE "manually"
It worked for me. Try it
Regards,
Siddhartha
03-22-2010 5:06 PM
Hi Siddharth,
Thanks for the update but, I do NOT see any reason to insert Auth Object manually.
SAP Application should be able to pick up the Auth Object from Menu entries.
From
PT.
03-22-2010 5:25 PM
Hi Pranav,
I agree with you that there is no reason to add S_TCODE manually. In my case, there were many transactions in S_TCODE for that role. So it was not adding any transactions automatically. Hence, I tried inserting S_TCODE manually & added that new t code to maunually added authorization object & it worked.
If the role where you are adding this new t code already has several other t codes, try doing as suggested.
It may help & work. This could be an exceptional case
Regards,
Siddhartha
Edited by: Siddhartha Varma on Mar 22, 2010 6:26 PM
03-22-2010 4:53 PM
Are you sure that "ZFITIC_P2P" is in fact an executable transaction?
Try run it with another user who definately has the full transaction / authorizations.
If it still fails, then you will need to go looking in the coding behind the transaction (start in SE93).
A possibility is an additional check against a transaction code in the programming or some other invention (e.g. checking the user ID names against a list but still raising this misleading message).
Shouldn't happen, but....
Cheers,
Julius
03-22-2010 6:49 PM
03-22-2010 6:56 PM
Creating a new mass transport with the current profiles would be the correct approach -> report PFCG_MASS_TRANSPORT.
Deleting the transport requests to be able to "re-import" would not be the correct approach.
Just wanted to say that, just incase.
Cheers,
Julius
03-22-2010 7:07 PM
Julius
I do not think we really need to recreate the New MASS Transport since it is NOT the correct approach to resolve the
TMS related issue.
Re-importing with same data and co-files with the right order would be the right approach to remove any possibilities
of buffering issues on app servers.
Take care,
PT.