01-10-2012 5:49 PM
Dear Security Gurus,
We are getting an authorization while testing Custom Tcode. This tcode is used for Uploading data.
The authorization error shows missing Activity field value and a field called Operating Concern.
The SU53 and the Trace(ST01) show the same error even though the role that is assigned to the user has exactly the required values.
Also Authority Check in the Program of the tcode is maintained for only the Activity field and Operating Concern field.
Hence we are unable to figure out why the auth. issue occurs even though the role assigned to the user has the missing values
Please let me know how I can resolve this authorization issue.
Regards,
Arjun
01-10-2012 7:22 PM
Hello Arjun,
Could you please write down the exact error?...You have to take into account that the user who runs SAP at OS level requieres autorization to write into that folder in order to upload that file...
Cheers,
Diego.
01-10-2012 9:13 PM
Hello Arjun,
most of the times it happens that in SU53 we cannt find the exact values needed, you should use ST01 in that case.
Please try again, to find the authorization values, if still you cannt find then can you check by debugging the table, where are you getting issue.
Regards,
Amit Barnawal
01-10-2012 10:37 PM
Hi,
Also if it's custom report then you have developer. She can set up break point for abap statement AUTHORIZATION-CHECK and you can figure out which check is performed. ST01 will be probably faster.
Cheers
01-10-2012 11:10 PM
Is it a query with logical database driver program?
Here there are some special check sequences and techniques used which will confuse you.
As it is custom code, you must post your code... and infos about the program attributes.
Cheers,
Julius
01-11-2012 6:16 AM
Hi ,
Below is the Authority check section of the tcode :
START-OF-SELECTION
PERFORM F_AUTHORIZATION_CHECK
AUTHORITY-CHECK OBJECT 'YTIPRC01' ID 'CEERKRS' FIELD P_ERKRS ID 'ACTVT' FIELD '01'
PERFORM UPLOAD_DATA
CALL FUNCTION 'GUI_UPLOAD'
AUTHORITY-CHECK OBJECT 'S_GUI' ID 'ACTVT' FIELD '60'
Even though I have the ACTVT value 01 and the corresponding CEEKRS (Operating Cncern ) Value in the role I still get the error.
Thanks,
Arjun
01-11-2012 7:17 AM
Hi,
check user's authorization buffer in SU56 if user really has authorization for required values.
Cheers
01-11-2012 7:49 AM
That authority-check is not going anywhere as you are not reacting to the result of the check anyway...
What is in the form f_authority_check?
Please post your st01 trace result here so that we can see the sequence and the result. Additionally the name of the main program and whether there is an LDB in the attributes would be interesting.
Cheers,
Julius
01-16-2012 3:42 PM
Hi Martin,
Thanks for the insight.
Clearing user buffer using SU56 resolved the issue.
Thanks,
Arjun