Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization check successful even if user doesn't have the authorization

Go to solution
Former Member

‎07-13-2011 8:54 PM

0 Kudos

Hi Experts,

We're trying to restrict Goods Receipts by movement type. One of the security roles doesn't have movement type 501 (auth object M_MSEG_BWA). However, when a user is assigned this role, he is still able to perform 501 movement type goods receipts.

The authorization trace indicates a "reason=b" on the authorization check:

M_MSEG_BWA RC=0 reason=B;tcode=WPED;ACTVT=01;BWART=501;

The authorization does not come from any other roles assigned to the user account.

Does anybody has any idea what that "reason=b" is? Is there a way to make sure that SAP does not grant authorization when the user doesn't have it?

We're on ECC 6.0

Thanks!!

JY

1 ACCEPTED SOLUTION

Go to solution
mvoros
Active Contributor

‎07-14-2011 12:19 AM

0 Kudos

That object is deactivated in SU24 for that transaction. Check note 1373111 for all reason codes.

Cheers

2 REPLIES 2

Go to solution
mvoros
Active Contributor

‎07-14-2011 12:19 AM

0 Kudos

That object is deactivated in SU24 for that transaction. Check note 1373111 for all reason codes.

Cheers

Go to solution
Former Member
In response to mvoros

‎07-14-2011 1:56 PM

0 Kudos

It worked.

Thanks