Solved: Authorization to release/delete other user Transpo...

Former Member · ‎02-10-2012

Hi All,

I have a requirement where I have to give authorization to a user where he should be able to release/delete another users transport of Copies in Se01.

I have given activity 75 in S_transprt but when the user tries to release another user TOCs the system still asks the user change the owner of the ToC.

Kindly help!

Regards,

Yasmin

Former Member · ‎02-10-2012

Have you tried adding activities 06 for delete and 43 for release for S_TRANSPRT and request type TRAN?

Former Member · ‎02-10-2012

Have you tried adding activities 06 for delete and 43 for release for S_TRANSPRT and request type TRAN?

Former Member · ‎02-13-2012

The current authorizations are as below:

Activity 01, 02, 43, 75, 90

Request Type (Change and Trans CUST, DTRA, TASK, TRAN

Still wen the user A tries to release other user B TOC the system asks the user A to change the owner.

What authorization so i keep so that user A is not prompted to change the owner and is able to release user B's TOC.

Regards,

Yasmin

Former Member · ‎02-13-2012

Take a careful look at the ST01 trace and tell us what is going on there. There should see at least one entry showing up with the FOR USER extention:

Object -

> Text

S_TRANSPRT RC=??? -

> for_user=???; ACTVT=???;TTYPE=TRAN;

What us the activity here and are there any RC=4 or 12? Does the for_user = 'B' have that access?

Additionally, you should check to see whether the object S_CTS_SADM shows up anywhere?

Cheers,

Julius

Edited by: Julius Bussche on Feb 13, 2012 10:47 AM

For more infos about analyzing FOR_USER constructs, see [SAP Note 1373111 - Improvements to authorization trace|https://service.sap.com/sap/support/notes/1373111]

Former Member · ‎02-13-2012

Hello Julius,

the RC is 0 everywhere. Also there is no object S_CTS_SADM any where in the trace.,.

Though i have object S_dataset.. but the return code is 0 for this object as well.

Also, user A is now able to release user B's ToCs.

But not able to delete. What authorization do i give user A so that its able to delete user B's transport of copies [ToCs]

Thanks,

Yasmin

Former Member · ‎02-13-2012

For the delete activity there is no authorization or FOR USER foreign checks. Only owners can delete their own requests. To delete others, they must first be authorized to allow you to change the owner to yourself --> then you can delete your own request (if authorized as well).

There used to be some old "dirty" reports which let you do this but they are deactivated since a few years now. There is no standard option to avoid this anymore which I am aware of.

Which release are you on?

Cheers,

Julius

Former Member · ‎02-14-2012

Thanks Julius for the help

Former Member · ‎02-10-2012

Does the old owner user ID still exist and have authorization for releasing?

Within the CTS a special construct of the AUTHORITY-CHECK statement is used. The checks on the objects are extended with the ABAP syntax "FOR USER <user>.

This means that "foriegn" authority checks are performed against the target users (such as the current owner) to determine whether you can still do things (add them, remove them) to their own requests and tasks. They must have been or still are authorized for it --> to authorize YOU to be able to perform this task "on them".

For example, by addding activity '75' to your user, you are allowing others to relese your tasks. To be able to change the owner, the previous owner must (still) be authorized to change the owner.

Solution: Ask an adminstrator with S_CTS_ADMI authorization to first change the owner. Or if it is organizationally acceptable for you that owners can "switch" ownership amongst themselves, then give them actvt '90' (this lets others "claim" your transports).

Cheers,

Julius

Authorization to release/delete other user Transport of copies