Solved: SU53 message "Check for user _SYSTEM"

Former Member · ‎05-27-2014

Hello All,

We have been facing issues lately during some imports with BPC environments from D to Q.

The team sent me the SU53 screenshot as attached below.

The user who sent me the screenshot has the missing object access already, i noticed the entry : Check for User _SYSTEM.

We are unable to identify which user could it be as we dont have a user called _SYSTEM in our system.

Is there a way to find out the User for which this access is being checked?

Former Member · ‎05-28-2014

Very interesting case...

AUTHORITY-CHECK statement has the capability to check foreign user access although you are running the program. See docs on the statement in tcode ABAPDOCU.

In this case, the FOR USER variable is either hardcoded or coming from some customizing.

What you need to do is get the user to run this SU53 and then hit the save button. Then go to table USR07 for than user and the check and at the end of the table fields you will see the program context and line at which it happened. Then go to SE80 to display that code and look to see what happens before the AUTHORITY-CHECK statement (particularly where the FOR USER variable is coming from).

99 times out of 100 it is a configuration problem (very strange one...) caused by not reading the documentation or there is no documentation....

Good luck and let us know what you find. It is an interesting problem which I have also seen increasing recently. Makes it very confusing for security admins and application support when trouble shooting and they expect SU53 to tell the truth, but the feature itself is very cool if used correctly and you take note of the "reason codes" for the check.

Cheers,

Julius

former_member200876 · ‎05-27-2014

dear Veena

the snapshot explain that the authorization check is failed , so you need to ensure that the end user use SU53 in correct way ,

also you can use Trace to get the error

may this blog help you to use Trace :

BR

M. Ezzat

Former Member · ‎05-28-2014

Very interesting case...

AUTHORITY-CHECK statement has the capability to check foreign user access although you are running the program. See docs on the statement in tcode ABAPDOCU.

In this case, the FOR USER variable is either hardcoded or coming from some customizing.

What you need to do is get the user to run this SU53 and then hit the save button. Then go to table USR07 for than user and the check and at the end of the table fields you will see the program context and line at which it happened. Then go to SE80 to display that code and look to see what happens before the AUTHORITY-CHECK statement (particularly where the FOR USER variable is coming from).

99 times out of 100 it is a configuration problem (very strange one...) caused by not reading the documentation or there is no documentation....

Good luck and let us know what you find. It is an interesting problem which I have also seen increasing recently. Makes it very confusing for security admins and application support when trouble shooting and they expect SU53 to tell the truth, but the feature itself is very cool if used correctly and you take note of the "reason codes" for the check.

Cheers,

Julius

Former Member · ‎06-02-2014

Hello Julius,

We were able to find the resolution for this issue, it was due to missing configuration in SPRO.

This is described in the SAP Note : 1967230 - Transport error: No Access to environment 'XXX'.

Once this configuration is maintined the authorization issue during BPC environment transports is solved.

Thanks!

Cheers!

Veena