03-27-2007 10:22 PM
Everytime I run a trace in ECC, I see looot of objects showing up with return codes 4 and 12.
Most of the objects which receive the RC=12 are not needed for user. I don't know why RC = 4 shows up even when the authorization values exist in the user profiles.
Can anyone please help me understand the trace return codes in ECC.
I found the below info on the web, which does not make sense to me from what I see in my trace analysis :
Return Code 0
Authorization check passed
1
No Authorization
2
Too many parameters for authorization check
3
Object not contained in user buffer
4
No profile contained in user buffer
6
Authorization check incorrect
7,8,9
Invalid user buffer
03-27-2007 11:12 PM
The old return codes:
1 failed--the user has the object but not the complete authorization.
3 failed and the user does not have the object
now it's
4=the old 1
12=the old 3
Cheers,
Ben
03-27-2007 11:12 PM
The old return codes:
1 failed--the user has the object but not the complete authorization.
3 failed and the user does not have the object
now it's
4=the old 1
12=the old 3
Cheers,
Ben
03-27-2007 11:31 PM
I dont think RC = 4 always implies that its old RC = 1.
Loooot of objects are receiving this RC=4 value. User should not need these values for the respective object. If RC=4 implies failed authorization, then why is the user able to do his job.
RC=12, again user does not need these values for the respective object.
I agree that at closing looking at objects with RC=4 will help in finding the authorization fix, but its still confusing.
03-28-2007 1:58 PM
Just because a trace shows a user had a failed authorization object check doesn't mean one cannot perform the transaction. That will need to be determined on a case by case basis depending how the transaction works. Some transactions check security at a high level and then restrict the transaction accordingly if one only has selective security.
Example: SM36 checks S_BTCH_ADM 'Y'. This will show a return code 4 if one doesn't have the authorization with a 'Y' value. However the user can still perform the transaction on a limited basis if one has the other objects S_BTCH_JOB and S_BTCH_NAM (if applicable).
Cheers,
Ben