Solved: Single quotation marks in values for S_TCODE

Former Member · ‎04-17-2013

Hi There,

I have seen the following values for the field TCD of the authorization object S_TCODE (Transaction Code Check at Transaction Start):

' '

'FDT_SHOW_DB'

Does anyone know what those values mean when used in S_TCODE ?

For the first value (single quote + space + single quote), it seems that it does not allow you to start any transaction.

For the second value (FDT_SHOW_DB inside single quotation marks), it seems that it allows you to start transaction FDT_SHOW_DB. So the question here is that why we put the single quotation marks around the transaction name?

Could someone please explain ?

Regards,

Goodyear

Former Member · ‎04-17-2013

I agree with Julius, it looks like someone has entered them incorrectly (manually or programatically)

How old are the roles?

Former Member · ‎04-17-2013

This must be coming from your own code, so from the trave you van navigate to the source and from there find the developer...

Cheers,

Julius

Former Member · ‎04-17-2013

I agree with Julius, it looks like someone has entered them incorrectly (manually or programatically)

How old are the roles?

Former Member · ‎04-17-2013

Hi Julius, Alex,

I am pretty new to the SAP authorization topics so please bear with me if I am asking something that is obvious to you guys.

Are you guys saying that those values should not be there ?

I understand that the value ' ' in authorization values are for the system to check against DUMMY in the ABAP statement AUTHORITY-CHECK. Since authorization object S_TCODE is for the system to check against when user starts a transaction, I really don't see the how/why ' ' can be used here.

I don't know where the ' ' came from in my roles.

The value 'FDT_SHOW_DB' seems to be the default value defined in tables USOBT and USOBT_C. When I created a role and added the transaction FDT_SHOW_DB to my role, the role generator automatically add the authorization obect S_TCODE to my role and set the values FDT_SHOW_DB and 'FDT_SHOW_DB' to the field TCD.

Regards,

Former Member · ‎04-18-2013

If they are in the role as standard status auths, then they came from Su24. Check the where-used-list.

In SU24 for the transaction proposing it, you can compare to SAP values (SU22). If they are from SAP, then you should report it to SAP and not to SDN... 🙂

Cheers,

Julius

Bernhard_SAP · ‎04-19-2013

in addition to Julius...:

sigh....
the wrong proposal for FDT_SHOW_DB is coming from SAP...

This has definitely to be reported to SAP (component = BC-SRV-BR )

Regarding the empty (' ') value: if it is not inserted from SU24 like the FDT_SHOW_DB -value, please check KBA 1524185. (...if you are talking about an S_TCODE authorization with status 'Standard' ).

to check from which proposals values are inserted into pfcg you can use the where-used function in PFCG - its behind the 'mountain with sun' button next to the auth-name (first set your settings through the menu-options to display all the buttons...Menu-Utilities-Settings->check all fields)

b.rgds, Bernhard

Former Member · ‎04-19-2013

Regarding ' ', a possibility is also that the S_TCODE is standard but yellow. This happens to SPRO_ADMIN roles and upload / download roles between different component type systems.

To solve it you have to find the non-existing tcode(s) in the menu and delete them.

Then it will turn green.

Cheers,

Julius

Former Member · ‎04-22-2013

Hi Bernhard, Julius,

Thank you very much for your replies. They are really helpful and I appreciate your help very much.

So to conclude:

1) The values ' ' and 'FDT_SHOW_DB' should not be in the values for the field TCD of authorization object S_TCODE.

2) The reason that they sometimes do appear could be due to SU24 proposal, our own code or SAP note 1524185.

Regards,

Goodyear