no data to test but how can we determine/prove aut...

Former Member · ‎05-04-2010

Scenario as below:-

Lets say a user is trying to execute transaction ME2L and key in a site.. after executing the system is giving an error saying no suitable purchasing document found. In actual fact there is no data for the selected site but in authorization point of view how do we determine the authorization check will pass through when there is purchasing document created?

I need to prove to user that even there is no data for that particular site the authorization check will go through when there is a data created. I have tried using ST01 trace but to no avail. When there is no data it will not check the object that it is supposed to check. The object is M_BEST_WRK for restricting purchase order based on site. Anyone knows how I can prove to user that the authorization that was maintained in the role is correct and will pass through when the data is available in the system. Appreciate your expertise here. Thanks

Bernhard_SAP · ‎05-04-2010

....how about simulating in debug mode....?

Former Member · ‎05-04-2010

you mean we skip the data part and proceed with the authorization check? but it will not show in ST01 or prove to user that the authorization passes through? appreciate your advise on how to do the simulation if i have justify it wrongly. Thanks

Former Member · ‎05-04-2010

only one solution create test data

Former Member · ‎05-04-2010

You can run debug mode using the switch /h and then set a breakpoint for AUTHORITY-CHECK & cycle through the code. It's not too straightforward to explain so I recommend that you speak to one of your developers & they can show you in 10 minutes how to use debug. It's a very useful tool!

Fabrizio_Irmici · ‎05-04-2010

Hi Jarod,

in my point of view try to follow these two steps

1) Transaction SU53, after the transaction's execution, that shows the missing authorizations object or values in authorization fields

2) Transaction ST01: you have to activate the trace (flag Authorization check) for a while, the user tries to execute the transaction, you stop as system admininistrator the trace and you have to evaluate the result. Check the entries where RC is different from zero.

Regards,

Fabrizio

Former Member · ‎05-04-2010

but debugging won't prove to user that the authorization check actually passes through? is there any other way of tracing or bypassing the data?

Former Member · ‎05-04-2010

Debug will tell you if and where a check is invoked and what it does with the various return codes.

Former Member · ‎05-04-2010

i was asked to prove to user that the authorization check will passes through when the data is there or created.. i need to know a way technically to show to user that the authorization passes through.

Former Member · ‎05-04-2010

OK, thanks for the info. You are unlikely to "prove" it, what you can do is give a good indication. A trace won't help here as it wouldn't necessarily pick up things like authorisation groups. Your only option is to go through the code for the program/s.

You have my sympathy, you are being asked to prove something that many would refuse to do for the reasons you are facing. Good luck!

diwheeler · ‎05-05-2010

Hi there, a couple of things occurred to me:

1 - are you able to replicate this in Acceptance/Staging systems? If so I suggest you go there and play. Get one of your functional guys to help you out to replicate - and even set up some master data there if you have to. Replicate/trace etc.

2 - Do you have any other sites set up pretty much the same that are available to test in your staging environment? If you can't create the master data, use one of them as an evidence on the assumption that if the site is configured the same you can use that to indicate the checks.

Good luck.

Former Member · ‎05-05-2010

I am actually at acceptance system and we are not allowed to create the data even in acceptance system. There is no relevant data on that particular site if not we can actually use any data on that particular site.

Any suggestion beside debugging? is there a trace or anything in the system that I check and prove to users?

Former Member · ‎05-05-2010

Hi Jarod ,

You are trying to execute tcode: ME2L . I would suggest goto SU24 and put tcode : ME2L ( in type of application ) Press F8 .

You will get the execute which will hit for ME2L . Check the Proposal field ,If it "M_BEST_WRK : Plant in Purchase Order" is YES there then simply tcode ME2L is restricted by auth object M_BEST_WRK.

reagrds

Vikas

Former Member · ‎05-05-2010

Hi Vikas,

SU24 is not a reliable indication of what is required to execute a transaction successfully. If it was reliable (and there are a lot of reasons why it isn't / can't / shouldn't be) then we would only have to add org levels to a role for it to work 100% correctly.

Cheers

Alex

diwheeler · ‎05-10-2010

Hi there,

I guess I could have written it better

If you have other purchasing orgs that do exist in your Acceptance environment, that do have items loaded against them, then what you could do is run a trace while executing ME2L to pull up some data that you know exists in acceptance, then you could use that to indicate what auth checks run - even thoguh for a different value.

You can prove with your trace that you do check M_BEST_WRK when you run ME2L for data that already exists in the system in another already existing plant, then on that basis it is logical to run the same check with your new plant once created, and once data exists for it.

That's what I'd do. Good luck,

Cheers,

Dianne

no data to test but how can we determine/prove authorization check passes?