cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict Developer to perform Action "Approve Preliminary import" in ChaRM

Former Member

on ‎12-24-2013 11:45 AM

0 Kudos

Hello,

I am trying to restrict Developer to perform this Action " Approve Preliminary import" in normal change document. But still developer is able to perform this action and able to import TR into the test system.


I have adjusted "ZSAP_SOCM_DEVELOPER" for Authorization object B_USERSTAT but no luck.

Can you please let me know what else I need to check and configure?

Roles -  Authorization key SMMJ_05 which is for "Approve Preliminary import" is not exist in BERSL field, but still developer is able to perform this action.

I refereed this document for solman security -

UC00030 - SAP Solution Manager - Security and Authorizations - SCN Wiki

Thanks & Regards,

Nilkanth.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

prakhar_saxena
Active Contributor
‎12-25-2013 4:48 PM
0 Kudos

Hi Nilkanth,

Have you remove the unwanted status authorization code from both the

B_USERSTAT

and

B_USERST_T

also make sure not assigned him authorization via another pfcg role etc

hope this helps

Regards

Prakhar

Show replies
Show replies
Former Member
‎12-26-2013 9:39 AM
0 Kudos

Hi Prakhar,

Yes I have alerday  deleted unwanted authrization codes. Only below roles is assinged to developer and only *SOCM* role have authorziation object "B_USERSTAT". B_USERSTAT_T is inactive.

SAP_S_RFCACL

SAP_SM_CRM_UIU_SOLMANPRO

SAP_SMWORK_CHANGE_MAN

Z_TRUSTED_RFC

ZSAP_CM_SMAN_DEVELOPER

ZSAP_SM_CRM_UIU_FRAMEWORK

ZSAP_SM_CRM_UIU_SOLMANPRO_CHAR

ZSAP_SMWORK_BASIC_CHANGE_MAN

ZSAP_SOCM_DEVELOPER

Thanks & Regards,

Nilkanth.

prakhar_saxena
Active Contributor
‎12-26-2013 10:34 AM
0 Kudos

Hi

it is difficult to check without system access

but let us try this

remove this role and then check your scenario ..if still it works somewhere else user is authorized

if not, kindly copy and create a new role and then customized the values and then check with new role .(don't forget to remove old role)

kindly share results ..All the best

Regards

Prakhar

Former Member
‎12-26-2013 4:04 PM
0 Kudos

Hi,

To be Hundred procent Sure you can do 3 things :

  1. Go to SUIM search Roles by Authorization Values enter there B_USERSTAT with key  SMMJ_05, now enter all roles you mentioned in filter = you will get which roles containt this authorization
  2. Make break point in IF_EX_EXEC_METHODCALL_PPF~EXECUTE with filetr fo HF_STATUS_SET and debug
  3. Activate authorization trace ST01 for this user

Regards Dan

Former Member
‎12-27-2013 5:53 AM
0 Kudos

Issue is resolved. by doing troublshooting using SUIM.  B_USERSTAT was existing in Z_TRUSTED_RFC after remove this role I was able to restric it.

Thanks for you suggestion.

Regards,

Nilkanth.

Former Member
‎12-25-2013 7:59 AM
0 Kudos


Hi Nilkanth,

Did you tried to catch up with ST01 authorization trace ?

Mb some other roles are overlapping.

Rg Dan

Show replies
Show replies
Ask a Question