authorization problem with infoobject ...user not ... - SAP Community

Application Development Discussions

Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.

i created a query and assigned it to role allusers. when the user tried to execute the query, he got not authorized for infoobject ZXXXX. so i did SU53 and it shows

it is checking for S_RS_IOBJ and the user master record has 0* Z* and Y* for infoobject and 0* Z* for info object catalog and DATA for subobject of infoobject.

this infoobject is not marked authorizaton relevant. ( i checked in RSD1). I am able to run the query but not the users ?

i went to RSSM, and verified the info in su53 log. in ST01 i can run trace only for myself . not for other user...hw to go ahead with this problem. this is a basic query and the user profile has the role allusers.

> points will be assigned for inputs

SAP Managed Tags:
Security

3 REPLIES 3

Did you also give access to the Other S_RS...... objects??

S_RS_IOBJ only is not enough, play around with the others and find whichones are really needed, (depends of BW version)

SAP Managed Tags:
Security

hi Auke Visser,

I ran the su53 and it shows only one difference. in the authorization object, the subobject of infoobject is supposed to be DEFINITION. and the user has subobject of infoobject as DATA.

so what does subobject of infoobject , DATA and DEFINITION mean?

is it something that security should deal with? I am BW guy and doesnt know much about security..plz help me

> points will be assigned for inputs

thanks

aravind

Message was edited by:

ravi a

SAP Managed Tags:
Security

Ravi

yes surely let security deal with this as this is their job!

The subobject can also be the problem, but your security admin should know.

IN BW the outcome of SU53 is poor, so do not rely on that

SAP Managed Tags:
Security