Solved: Auhtorisation value $$ in SU53

Former Member · ‎02-19-2007

Hi,

We're using R/3 version 4.6c and in testing we get an SU53 that is looking for value $$ in the object type field of object PLOG.

Does anyone know what the value $$ represents in this field?

Many thanks for any help you can provide,

Former Member · ‎02-21-2007

Hi Tom,

I believe, if $ is in a field value...means full restriction / no value.

Thanks,

Praveen

Former Member · ‎02-19-2007

I believe it is looking for the Plan Version (PLVAR) field value. Get this value either from your Workflow team or the HR Config Team.

Regards,

Laxman

*Pls award points if my answer was helpful.

Former Member · ‎02-21-2007

Hi Tom,

I believe, if $ is in a field value...means full restriction / no value.

Thanks,

Praveen

dhorions · ‎02-21-2007

A colleague of mine explained it to me once.

It has something to do with the fact that hrp1001 is read in blocks of 4K,

and fills the remainder of the last block with '$$'.

Don't ask me to explain this, but maybe you can use this in the search for an answer.

WolfgangJanzen · ‎02-21-2007

No, there is no such rule. $ is an ordinary value with no special meaning - at least not in general. You need to check the description of the authorization object; there might be some <b>application specific</b> "special values".

Regards, Wolfgang

Former Member · ‎02-22-2007

Hi Tom,

$$ value in the object type field of auth.object PLOG represents it will take any value i.e., at run time you can enter any value.

Suppose object type has values : C, O, P, RY, S, T, TS, US, WF, WS

If we give the $$ value instead of giving the values like i mentioned above, it will accept all the values.

Regards,

Ashok

"Award points if it really helpful"

WolfgangJanzen · ‎02-22-2007

That sounds weird. If this is really the case, then the application developers might not have understood the authorization check concept.

As documented in the ABAP online help it is possible to instruct the system not to check certain fields of an authorization object when performing an AUTHORITY-CHECK by using the DUMMY construct. The system will then only compare requested values (i.e. arguments of the AUTHORITY-CHECK statement) with provided values (i.e. authorization values assigned to the user) for the other authorization object fields.

Regards, Wolfgang

Former Member · ‎02-22-2007

This really happens for PLOG. The $$ indicates null value. I have got this type of scenario where in PLOG was left as $$ and it indicates a blank value.

If it is $$, and if the transaction is executed then the user shall get the error message in SU53 screen. Hence it is always recommended to have some values entered in case of $$.

WolfgangJanzen · ‎02-22-2007

Well, an empty value is not identical to a non-existing one.

AUTHORITY-CHECK OBJECT <obj> ID <field> FIELD SPACE

is different from

AUTHORITY-CHECK OBJECT <obj> ID <field> DUMMY

If the application has decided to handle ' ' (SPACE, 2 characters) identical to '$$' then this is o.k. - it makes it more visible that an empty value is expected.

Of course it makes a difference whether you demand that a field should have a certain value (irregardles whether this is an empty value or the value '$$') or whether you specify that the value of a certain field is irregardless for the result of an AUTHORITY-CHECK (which you express when using the "DUMMY" expression, see above).

Former Member · ‎03-08-2007

Thanks for all the help.

Having played with the role I'm building, I'm still getting the $$ value in the SU53, but this is only when a structural authorisation is applied to the user, is it possible that the $$ refers to these authorisations?

If so is there any way of tracing authorisation checks against structural authorisations?

Many thanks,

Tom.