Solved: Authorisation check on F_KNA1_BUK field BUKRS = ' ...

Former Member · ‎10-23-2013

Dear experts

Since ECC ERP EhP 6 we get some strange authorisation erros. This is the latest screenshot of SU53 from a user:

As you can see, the missing object is F_KNA1_BUK with field BUKRS set to ' ' (and ACTVT 02).

This is very strange, because we usually want to access a specific BUKRS like e.g. "0001".

Can anyone explain why this happens? Any help will be appreciated.

Thanks in advance!
Jann

ACE-SAP · ‎10-23-2013

Hello

Check that post that will explain one possible cause for auth controls with blank values

http://scn.sap.com/thread/3439431

Best regards

Julius von dem Bussche

Only problem is that the fields of the authorization object(s) need to be import parameters for the functions and are all to often typed with DEFAULT SPACE.

This means that if the caller does not pass a value and the developer of the FM did not think of coding a DUMMY check in cases where field is initial...

then you get hard-coded spaces coming back again...

ACE-SAP · ‎10-23-2013

Hello

Check that post that will explain one possible cause for auth controls with blank values

http://scn.sap.com/thread/3439431

Best regards

Julius von dem Bussche

Only problem is that the fields of the authorization object(s) need to be import parameters for the functions and are all to often typed with DEFAULT SPACE.

This means that if the caller does not pass a value and the developer of the FM did not think of coding a DUMMY check in cases where field is initial...

then you get hard-coded spaces coming back again...

Former Member · ‎10-23-2013

Dear Jann,

Please note that the Authorization object generally has fields which correspond to the level at which the authorization has to be checked as well as the activity that is permitted.

In your case, F_KNA1_BUK is an authorization object to check the authorization at Company Code level. The error is that the Company Code is blank or ' ' in SU53 which clearly means that the company code for which authorization check is being performed is blank. When the expected outcome is that the user should have access to a particular company code 'X', please ensure that the field BUKRS of the authorization object is passed with the value of the company code. This should definitely fix the issue.

Please refer the below code snippet for a much clear view into this.

AUTHORITY-CHECK OBJECT 'F_KNA1_BUK'
ID 'ACTVT' FIELD '02'
ID 'BUKRS' FIELD 'Company Code for which authority has to be checked'.

This should definitely solve your issue.If you d not want the company code field to be checked at all, please pass DUMMY to it.

Please reward if your query is answered. Also, get in touch with me in case you need more help.

Former Member · ‎10-24-2013

Thanks you two, it is now clear why the field is empty (no company code was entered by the user(s)).

The strange thing is, this never happend before EhP6, and this happens is a standard transaction (FD02). My guess is, that before the upgrade it was not possible to enter a customer without the company code).

Thank you both, the problem is solved.

Former Member · ‎10-24-2013

Hi Jann

"My guess is, that before the upgrade it was not possible to enter a customer without the company code)."

The users will not be using their transaction in a different way after the upgrade to before the upgrade - they are now experiencing difficulties because the upgrade is not just an authorisation change. I suspect that various programs are also being upgraded so the checks are now differently coded so you will have to react by changing the authorisations rather than telling the users to change how they work day to day.

Kind regards

David

Authorisation check on F_KNA1_BUK field BUKRS = ' '