Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with A_A_VIEW in project system

Former Member
0 Kudos

Format demon strikes again - I will try to get this into readable form asap -


Hi all,

at the moment I have a very strange problem on my desk which I havent found a solution for so far:

In a pretty new system a colleague is trying to release (status FREI) a project which includes an asset in build (AiB).

He enters the CJ20n, selects the project and gets the error message:

You are missing the authorization for the asset view.

SU53 gets us the following:

A_A_VIEW with VIEW 8

Now of course, a check of the A_A_VIEW tells me that only views 1-6 are allowed values for this.

And a trace of his user gets me no abort, but this:

Work Process 0 PID Date: 18.08.2010 Start:17:22:58:54.885Finish:17:22:58:643.127

First Block of Dialog Step Last Block in Dialog Step

Block Version: 99516 No. of Records: 374 File Version: 1

hh:mm:ss:ms Type Lasts(us) Object Text

17:22:58:55 AUTH - - - C_PROJ_KOK RC=0 KOKRS=1000;PS_ACTVT=45;

17:22:58:55 AUTH - - - C_PROJ_PRC RC=0 PRCTR=' ';PS_ACTVT=45;

17:22:58:55 AUTH - - - C_PROJ_VNR RC=0 PS_VERNR=00000000;PS_ACTVT=45;

17:22:58:69 AUTH - - - C_PROJ_KOK RC=0 KOKRS=1000;PS_ACTVT=02;

17:22:58:69 AUTH - - - C_PROJ_PRC RC=0 PRCTR=' ';PS_ACTVT=02;

17:22:58:69 AUTH - - - C_PROJ_VNR RC=0 PS_VERNR=00000000;PS_ACTVT=02;

17:22:58:442 AUTH - - - C_PRPS_KOK RC=0 KOKRS=1000;PS_ACTVT=02;

17:22:58:442 AUTH - - - C_PRPS_PRC RC=0 PRCTR=' ';PS_ACTVT=02;

17:22:58:442 AUTH - - - C_PRPS_VNR RC=0 PS_VERNR=00000000;PS_ACTVT=02;

17:22:58:442 AUTH - - - C_PRPS_ART RC=0 PS_PRART=01;PS_ACTVT=02;

17:22:58:442 AUTH - - - C_PRPS_KST RC=0 PS_FKOKR=' ';PS_FKSTL=' ';PS_ACTVT=02;

17:22:58:457 AUTH - - - A_A_VIEW RC=4 VIEW=1;

17:22:58:457 AUTH - - - A_A_VIEW RC=4 VIEW=2;

17:22:58:457 AUTH - - - A_A_VIEW RC=4 VIEW=3;

17:22:58:457 AUTH - - - A_A_VIEW RC=4 VIEW=4;

17:22:58:457 AUTH - - - A_A_VIEW RC=4 VIEW=5;

17:22:58:458 AUTH - - - A_A_VIEW RC=4 VIEW=6;

17:22:58:458 AUTH - - - A_A_VIEW RC=4 VIEW=7;

17:22:58:458 AUTH - - - A_A_VIEW RC=4 VIEW=8;

17:22:58:462 AUTH - - - C_PRPS_KOK RC=0 KOKRS=1000;PS_ACTVT=02;

17:22:58:462 AUTH - - - C_PRPS_PRC RC=0 PRCTR=' ';PS_ACTVT=02;

17:22:58:462 AUTH - - - C_PRPS_VNR RC=0 PS_VERNR=00000000;PS_ACTVT=02;

17:22:58:462 AUTH - - - C_PRPS_ART RC=0 PS_PRART=01;PS_ACTVT=02;

17:22:58:462 AUTH - - - C_PRPS_KST RC=0 PS_FKOKR=' ';PS_FKSTL=' ';PS_ACTVT=02;

... and so on and so forth

His profile includes a role with A_A_VIEW = * by the way.

Another colleague is able to do this, but he practically possesses SAP_ALL, so this is of no real help for the search and I do not want to provide this user with SAP_ALL, but rather find out where the problem actually is.

Anyone has any ideas? Pretty please?

Edited by: A_Security_Guy00 on Aug 18, 2010 5:58 PM

7 REPLIES 7

Former Member
0 Kudos

The trace is saying that the user has an authorization for the object but no values.

So the authorization is corrupt?

ps: please only post relevant parts of traces, otherwise long posts toast the formatting.

Edited by: Julius Bussche on Aug 18, 2010 6:10 PM

0 Kudos

Actually, he has values. For A_A_VIEW he has star rights (*)

The problem maybe solved though. I assumed (bad, BAD, never assume!!) that this person has the asset management rights and some knowledge on its usage, since I was contacted with a technical probelm by them quite late in the process.

This, he did not have. So the problem can hopefully be solved by giving him the right to create assets in build.

I'll get back here, when I am done providing him with the needed minimum rights.

0 Kudos

> For A_A_VIEW he has star rights (*)

No he doesn't.

> I'll get back here, when I am done providing him with the needed minimum rights.

This has been done before and is known to work - so you are not alone

Cheers,

Julius

0 Kudos

Yes, he does. I have access to his user profile and have checked it prior to all this of course.

I wouldnt come here with a minor auth problem. Been doing this for quite some years after all

0 Kudos

So he has full rights (*) and these are failing and to get it to work you will now give him even more? Sorry, I don't "get it"...

But, if this ever does happen to me then I will remember this thread and come back to it for help from you as you seemed to have closed it as answered.

Cheers,

Julius

0 Kudos

Have you even read what I wrote above? Sarcasm is not helpful, so I wonder what you are about here.

So once again, for the slow reader:

He has A_A_VIEW with *

He is trying to release a project with an AiB using the CJ20n

He is getting the message he is missing the authorization on the view, which he has though.

Even stranger, the missing view needed is 8 , which A_A_VIEW doesnt allow as value.

What he didnt have and what I assumed he does, is the right to create an asset in build. Which he has been assigned and it works now.

So yes, I answered the question.

The SU53 was misleading, since it reported an object which he had full rights to.

Feel free to come back to this thread, if it helps you. But please without sarcasm, which is simply disrespectful and unneeded.

0 Kudos

If you spotted the sarcasm then I hope you appreciate the contradiction at least...

SU53 is saying that the last failed check is view 8 of A_A_VIEW. So it is not masking anything.

ST01 is saying that the first failed check is view 1 of A_A_VIEW. So it is not falling back on this check from some authority not being strong enough.

Between 1 and 8 is 2, 3, 4, 5, 6 and 7 which all relate to A_A_VIEW and the system is saying that the user does not have the required authority for it.

This is not possible - not without overwriting the call stack between the check and the trace and the user memory, which I can't see happening in Asset Accounting programs...

Cheers,

Julius