10-09-2012 4:57 PM
Hi Experts,
I have ME21N provided as range (G* to ME23*) in my role.This role is assigned to the user.
Now user should have access to ME21N but he is unable to execute ME21N
Now when I execute report S_BCE_68001426,the transaction doesn't appear in the list of executable transactions for the user.Ideally it should as it fetches tcodes from S_TCODE only.
However,if we run S_BCE_68001398 ,user appears in list of users authorized to execute the tcode ME21N.
Any suggestion please.
Peeyush
10-10-2012 8:42 AM
10-09-2012 7:53 PM
Hi Peeyush,
I have a suggestion to you: have a look at the authorization objects which are checked to the affected transation through SU24. Notice that the user should have authorization to each one of these objects besides the transaction itself.
I hope it helps you.
Best regards,
Felipe Fonseca.
10-09-2012 8:07 PM
Hi
That is not possible. Just check the whole in S_TCODE and also check in table AGR_1251 with the help of that role what are the transaction code exist in that role.
Also check the user profile if any other profiles have been assigned and make a note to perform the user comparsion.
An important note is it is not enough to provide only the transaction code and we need to provide also the relevant authorization in thier auth objects.
If you can't able to find the solution just put a trace and find the same.
hope this helps and let me know if you have any queries.
10-10-2012 1:17 AM
Hi,
there is additional auth. object M_BEST_EKO assigned to transaction ME21N. You can check it in SE93. So the system checks for S_TCODE and M_BEST_EKO when starting transaction. This might be stopping user from running this app. The easiest way to see is to run auth. trace ST11.
Cheers
10-10-2012 8:42 AM
10-10-2012 11:28 AM
Hi All,
Thanks for your valuable inputs.
I agree there are other objects which the user will need to run the tcode.
My main concern is not that the user is unable to run the tcode ME21N but why both reports are showing different results.
When I execute report S_BCE_68001426,the transaction doesn't appear in the list of executable transactions for the user.Ideally it should as it fetches tcodes from S_TCODE only.Other tcodes S_TCODE (range G* to ME23) do appear in the report but not ME21N.
However,if we run S_BCE_68001398 ,user appears in list of users authorized to execute the tcode ME21N.
Also if I check in report S_BCE_68001425,same role appears for the user ( selection made Auth Object -S_TCODE Transaction code:ME21N)
Peeyush.
10-10-2012 12:06 PM
Hi Peeyush,
As per my understanding, the executable tcodes as given in report S_BCE_68001426 ( not showing in my version 7.02) are checking auth Object too defined in tcode SE93.
Check if ME21N has Object defined there and the same Object is available in SE93 - tcode ME21N.
Other reports just check S_TCODE without checking full authorization.
Regards,
Sabita