
Roles show old Activities for Object S_ALV_LAYO

Former Member
0 Kudos

Dear All,

I am an ABAP'er but have received an issue for Roles.

We have an issue that a Role already had Authority Object S_ALV_LAYO assigned. After the SAP Upgrade, Authority object S_ALV_LAYO has only one activity, i.e. 23.

But if I display the role from transaction SUIM then the Activity "03" is displayed and checked by default. But Activity "03" no longer exists as a permitted activity for object S_ALV_LAYO; it seems SAP has deleted it.

I debugged and found that this value comes from table AGR_1251. Could you please advise how to sort this issue, as the authority object S_ALV_LAYO is assigned to several roles? How can I adjust Roles so that deleted Activities are no longer displayed?

It seems that steps after upgrade, i.e. tcode SU25, were not executed. Kindly advise.

1 ACCEPTED SOLUTION

Colleen
Advisor
0 Kudos

Hi Abhishek

"It seems that steps after upgrade i.e. tcode SU25 were not executed" - seems you have answered your question?

That aside, debugging and finding AGR_1251 tables means you just found PFCG role contents. As Julius has advised - have your security team fix the role.

In addition, if you think SU25 is contributing (therefore SU24) you might want to check table USOBT_C and see if there are any S_ALV_LAYO values for ACTVT 03. Have security fix them and adjust all impacted roles. If, however, the PFCG entry (AGR_1251) is manually added to the role, then security need to go manually fix it.

In short, talk to your security team.

Regards

Colleen
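The check described in the answer above, as an added example that is not part of the original thread: it scans an export of AGR_1251 for roles that still carry S_ALV_LAYO activity values other than 23 and marks whether each entry looks manually added. Assumptions: the semicolon-separated export layout, the constructed role names, `DELETED = X` marking an inactive entry, and `MODIFIED = M` marking a manual entry.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: AGR_1251 rows exported as semicolon-separated text.
# Role and authorization names are made up for illustration.
SAMPLE_EXPORT = """AGR_NAME;OBJECT;AUTH;FIELD;LOW;HIGH;MODIFIED;DELETED
Z_SALES_DISPLAY;S_ALV_LAYO;T_AB00001;ACTVT;03;;S;
Z_SALES_DISPLAY;S_ALV_LAYO;T_AB00001;ACTVT;23;;S;
Z_FI_CLERK;S_ALV_LAYO;T_AB00002;ACTVT;23;;S;
Z_MM_BUYER;S_ALV_LAYO;T_AB00003;ACTVT;03;;M;
Z_HR_ADMIN;S_ALV_LAYO;T_AB00004;ACTVT;01;23;U;
Z_OLD_ROLE;S_ALV_LAYO;T_AB00005;ACTVT;03;;S;X
Z_BASIS;S_TCODE;T_AB00006;TCD;SU25;;S;
"""


def find_stale_values(export_text, auth_object="S_ALV_LAYO",
                      field="ACTVT", permitted=("23",)):
    """Return {role: [(value, origin), ...]} for values outside `permitted`."""
    stale = defaultdict(list)
    for raw in csv.DictReader(io.StringIO(export_text), delimiter=";"):
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        if row["OBJECT"] != auth_object or row["FIELD"] != field:
            continue
        if row["DELETED"] == "X":   # assumption: X marks an inactive entry
            continue
        low, high = row["LOW"], row["HIGH"]
        if low == "*":              # full grant, not a leftover single value
            continue
        if not high and low in permitted:
            continue                # single value that is still permitted
        value = f"{low}-{high}" if high else low
        # Assumption: MODIFIED = "M" means the entry was added manually in PFCG;
        # anything else is treated as derived from the SU24 defaults.
        origin = "manual" if row["MODIFIED"] == "M" else "default"
        stale[row["AGR_NAME"]].append((value, origin))
    return dict(stale)


if __name__ == "__main__":
    for role, hits in sorted(find_stale_values(SAMPLE_EXPORT).items()):
        for value, origin in hits:
            print(f"{role}: ACTVT {value} ({origin})")
```

Entries reported as `default` are candidates for the SU24/SU25 route; entries reported as `manual` need to be corrected in the role itself.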

5 REPLIES 5

Former Member
0 Kudos

What error(s) do the users get now that the 03 value is assigned to the roles? If none, can't you just let them have the 03 activity, even if it is not being used anymore?

0 Kudos

You use this authorization object to protect global default layouts of the ABAP List Viewer (ALV).

The authorization object contains the following fields:

   Activity

So that you can create, change or set default layouts, the authorization for activity 23 - Maintain must have been added to your user master record.

You can use the tx SU24 to maintain the authorization default values.

Former Member
0 Kudos

It is quite likely that an ABAPer also caused this problem or the old F7 trick in PFCG was used back then.

If the roles are intact with SU24 then simply use the merge function (ask the security admin what that means, they should know..).

Cheers,

Julius

Former Member
0 Kudos

Thanks for the feedback. This issue happened as the steps after upgrade were not executed. So the steps via SU25 need to be executed.