on 06-26-2013 7:11 AM
Hi All,
I am facing an issue with " Read old Data and merge with new Data option " in PFCG. The issue is described below.
I have created a Role in which i added a t-code SU01 and this t code has got the below authorization default values for the object S_USER_SAS being maintained.
S_USER_SAS < Standard new>
ACT_GROUP: < EMPTY >
ACTVT : 01,06,022
Class: ABC
Profile: < EMPTY >
Subsystem : < Empty >
and this particular object has been added into my newly created role and i have maintained this object as below.
S_USER_SAS < maintained new >
ACT_GROUP: Z_SD_TEST
ACTVT : 01,06,022
Class: ABC
Profile: *
Subsystem : *
After which i have added a tcode Su10 and this t code has got the below authorization default values for S_USER_SAS.
S_USER_SAS
ACT_GROUP: < EMPTY > <Standard new >
ACTVT : 01,06,022
Class: Super
Profile: < EMPTY >
Subsystem : < Empty >
So the above object has been added into my role and i have maintained the object as below.
S_USER_SAS < maintained new >
ACT_GROUP: Z_MM_TEST
ACTVT : 01,06,022
Class: Super
Profile: *
Subsystem : *
and finally below are the objects which are in my role.
S_USER_SAS<Maintained >--SU10 S_USER_SAS <Maintained>-----SU01
ACT_GROUP: Z_SD_TEST ACT_GROUP : Z_MM_TEST
ACTVT : 01,06,022 ACTVT : 01,06,22
Class: Super Class: ABC
Profile: * Profile : *
Subsystem : * Subsytem: *
Now when i remove the t code SU01, the maintained authorization S_USER_SAS which is coming from SU01 is not getting removed, rather it is showing me the status as below.
S_USER_SAS <maintained New> S_USER_SYS < Maintained Old >
Act_Group: Z_MM_TEST Act_Group:Z_SD_TEST
ACTVT:01,06,22 Actvt: 01,06,22
Class:ABC Class: Super
Profile : * Profile: *
Subsystem:* Sub System: *
Could you please let me know why even after i am deleting the t code Su01 from Role Menu , the transaction whose authorization default values caused the maintained authorization has to be removed, but it is not done.......
Thanks and Regards,
Nagarjuna Srivatsa.
Hello Nagarjuna,
Did you have the opportunity to check note 113290?
Regards,
Felipe Fonseca
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Try to delete the tcode from Menu tab --- in the respective role.
Check if this way, you shall see that the authorization class as well as objects relating to that tcode are removed from 'Change role: authorizations screen'.
Else, the best thing is in the change role authorizations screen --goto Utilities --> settings and check mark
>Delete Field contents and also technical names if not check marked.
Now, try to " Deactivate " by clicking on the deactivate button beside Copy or Merge icons
Mj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Everyone,
I would like to thank each and everyone who took efforts in helping me to provide the solution to issue.
The final Solution was : it was a SAP Standard behavior.
If there is at least one authorization default value , whose default values differ from the maintained authorization , but has at least the same fields filled with default values, then the maintained authorization remains and is given the status “ maintained new “. A new Standard authorization is also added.
The status of “ maintained Old “ has been changed to “ maintained New “is designed to make the Role administrator aware that he must decide whether the maintained authorization will still be required or not.
EX:
I have created a Role in which i added a t-code SU01 and this t code has got the below authorization default values for the object S_USER_SAS being maintained.
S_USER_SAS
ACT_GROUP: < EMPTY >
ACTVT : 01,06,022
Class: ABC
Profile: < EMPTY >
Subsystem : < Empty >
and this particular object has been added into my newly created role and i have maintained this object as below.
S_USER_SAS < maintained new >
ACT_GROUP: Z_SD_HOD
ACTVT : 01,06,022
Class: ABC
Profile: *
Subsystem : *
After which i have added a tcode Su10 and this t code has got the below authorization default values for S_USER_SAS.
S_USER_SAS
ACT_GROUP: < EMPTY >
ACTVT : 01,06,022
Class: Super
Profile: < EMPTY >
Subsystem : < Empty >
So finally now my role has the below objects.
S_USER_SAS <maintained from SU01> S_USER_SYS < Standard from Su10 >
Act_Group: Z_SD_HOD Act_Group: <Empty>
ACTVT:01,06,22 Actvt: 01,06,22
Class:ABC Class: Super
Profile : * Profile: <Empty>
Subsystem:* Sub System: <Empty>
Now if we remove the t code SU 01 from Role , then the corresponding maintained object to the su01 will not get removed rather when you perform merge option then you can see the above instances of S_USER_SAS object.
S_USER_SAS <maintained NEW from SU01> S_USER_SYS < Standard old from Su10 >
Act_Group: Z_SD_HOD Act_Group: <Empty>
ACTVT:01,06,22 Actvt: 01,06,22
Class:ABC Class: Super
Profile : * Profile: <Empty>
Subsystem:* Sub System: <Empty>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maram
How SAP has made this functionality is explained below:
Above scenario cited by you only happens for Maintained status and not Changed status.It is like when you remove 1 tcode out of the 2 t-codes with same objects and different values.
Auth object for that t-code will be made as New status and the other instance of the same auth object for the 2nd t-code will be made as OLD status.
The auth object will only gets removed from PGFC if and only if all the t-code related to that particular auth object gets deleted.
Till that time it just makes the auth instances as status 'NEW' .
Hope this helps and answers your query.
Regards
Pradeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are SU01 and SU10 the only transactions you have added to the role or are there others? What does the overview icon next to the object tell you when you click it?
You'll see that the instance is of status NEW, which should be interesting.
Message was edited by: Will Dunkerley - clarity.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maram
The Last Maintained Auth object will be unchanged,even if any one of the tcodes is removed as well.
The condition here is if the two tcodes have same proposed values in Su24.
I repeat .. Maintained (you have just added values, but not changed values which are set in Su24)
Thanks
Pavan M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.