Hi Manisha,

Yes, I was on the same application server & the filter had been applied properly.

I got lot of records in the trace, but that particular check( because of which the user is facing the problem ) was missing.

Let me give you the complete background.

One user is running PA20 & trying to see the IT0002. The user is able to see some fields, but not all( Additional Data section ). And getting the message" Data hidden by screen modifications ".

I checked the user's access. She has

P_orgin with

AUTHC=M, R;

INFTY=0002;

PERSA=*;

PERSG=*;

PERSK=*;

SUBTY=' ';

VDSK1=*

I'm stressing only on P-orgin because, during debugging it has been found, a customized auth check( user exit ) for P-orgin is causing the problem. And this has been confirmed by creating the same scenario in a non-prod system. I just made SUBTY=* & the problem got solved.

Initially I was thinking, this is not an auth issue because, I was getting SUBTY=' ' everywhere in the trace & we can see the user has that already.

So..... if SUBTY=* was required, then why I didn't get that in the trace?

Thanks.

Regards,

Sachhidanand Rankhambe

>

> If SUBTY = * has solved the problem then the exact value needed should come up in the trace log .  SUBTY= ' ' in the trace >doesn't mean that this is not there in the role or it is there unless and untill we check the Return Codes too for the trace log.

Hi,

That's not always the case. There are a few scenario's where the code will proceed after finding the value it needs rather than looping through a load of permutations that we are used to.

Hi Alex,

Thanks for the correction but before the value * was given to SUBTY , if there was a value needed in place of ' ' , shouldn't that be coming in the trace log ?

Regards,

Manisha

Hi Manisha,

It depends where the check for the * was performed. It's not uncommon when evaluating HR tcodes where there is an evaluation for * in auth objs and if it has it (when checked early on) you don't get the following checks that you typically see in FI, MM etc.

Cheers

Alex

Edited by: Alex Ayers on May 14, 2010 11:05 AM

Hi Alex,

Thanks again for the clarification but I guess my question has been misinterpreted. What I'm trying to say is that if giving the value SUBTY=* has solved the problem for the user now, then, earlier when * was not given and the issue was there, then, the trace log should have showed which value is needed , right?

Thanks and Regards

Manisha

Hi,

You are right, I thought you were talking about something else (not sure why as it makes sense reading the question again). You would expect the value to be at least shown prior to the check being performed on the auths. I got it mistaken with subsequent checks after the correct auth had been found - prevalent in many areas but not so much in HR.

Cheers

Hi Anjan,

I compared the parameters of the user having problem with the user having access. They were same.

Thanks.

Regards,

Sachhidanand Rankhambe

Hi Julius,

Here is the code.

CALL FUNCTION 'AUTHORITY_CHECK'

EXPORTING

field1 = 'INFTY'

field2 = 'SUBTY'

field3 = 'PERSG'

object = 'P_ORGIN'

user = sy-uname

value1 = z_infty

value2 = '99'

value3 = z_persg

EXCEPTIONS

user_dont_exist = 1

user_is_authorized = 2

user_not_authorized = 3

user_is_locked = 4

Sorry, I'm almost zero in ABAP. So unable to comment.

Hopefully you will find something non-sense in this code. Otherwise my confusion will get increased.

I checked Shdstusr, no entries.

Thanks.

Regards,

Sachhidanand Rankhambe

Hi,

As far as I can see the value for the field SUBTY has been hard coded as 99 in the ABAP Code , that's why once you gave * , it worked fine . So, the exact value which was needed is 99 for the field SUBTY .

Hope this helps.

Regards,

Manisha

Hi Manisha,

You are right, even 99 is working.

But again..... why its not appearing in the trace? Can you throw some light on this?

Thanks.

Regards,

Sachhidanand Rankhambe

Check in the coding prior to the CALL FUNCTION how the fields are typed (structure XU180 field VALUE is correct). If the syntax is not correct, the function module will not be called correctly or at all.

For hardcoding SUBTY try using 2 spaces before the value:

 value2 = '  99'

... or define the authorizations in the roles as '99*', however I am not sure whether that will work for this function module. You would need to debug it to find out.

But anyway... the function module is now obsolete, anyway not released and intended for a different purpose.

Why don't you just make a normal authority-check statement against P_ORGIN which will automatically type the fields? This would save you the conversion gymnastics..

Cheers,

Julius

Hi Manisha,

The trace contains around 1600 records. Too big to send.

But trust me, no record with SUBTY=*/99.

Please let me know if you get any hint after checking Authority_check.

Thanks.

Regards,

Sachhidanand Rankhambe