Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Change Document for Authorization - Authorization Missing

Go to solution
Former Member

‎08-05-2015 7:28 AM

0 Kudos

Hi all,

I just encountered a strange event, where SUIM - Change Document - For Authorization show changes for an authorization that was not even exist.

Change Document - For role (with Authorization Data radiobutton checked) show this changes:

But the Change Document - For Authorizations show this changes:

My question is, how come there is a log of created entry for S_TCODE T-IQ46141001 authorization? Because I checked in PFCG that there is only one authorization for object S_TCODE (attached).

Any help will be much appreciated, thank you.

Edited, image for PFCG didn't show, added it to attachment.

Preview file
26 KB
Preview file
32 KB
Preview file
27 KB
1 ACCEPTED SOLUTION

Go to solution
Bernhard_SAP
Employee
Employee

‎08-05-2015 7:47 AM

0 Kudos

Hi,

you probabyl hit the limit of values desribed in SAP note 410993 ->3.. So when gererating the profile, 'sub'-authroizations are created automatically ->see last paragraph in that note.

You always should seperate between role data (agr*-tables) and authroization/profile data (usr*-tables) . Differences in the change docs may appear when you compare changed ocs for roles and changeodcs for profiles, auths, etc.

b.rgds, Bernhard

4 REPLIES 4

Go to solution
Bernhard_SAP
Employee
Employee

‎08-05-2015 7:47 AM

0 Kudos

Hi,

you probabyl hit the limit of values desribed in SAP note 410993 ->3.. So when gererating the profile, 'sub'-authroizations are created automatically ->see last paragraph in that note.

You always should seperate between role data (agr*-tables) and authroization/profile data (usr*-tables) . Differences in the change docs may appear when you compare changed ocs for roles and changeodcs for profiles, auths, etc.

b.rgds, Bernhard

Go to solution
Former Member
In response to Bernhard_SAP

‎08-05-2015 8:02 AM

0 Kudos

Hi Bernhard,

I see. I didn't know that the S_TCODE field can automatically divide the authorizations with just one field. So that's why I couldn't see the sub-authorization for it.

Thank you for your answer, really helps me.

Regards,

Andreas

Go to solution
Former Member

‎08-05-2015 8:21 AM

0 Kudos

Hi Andreas,

The User WCS-021 created a new node 41001 which it means that the user added the another S_TCODE object in addition to the previous one whose log is 41000 and delete the old one 41000.

That why two logs are visible for the same object.If we added the authorization object which is already added to the role, a new log is created under the auth object which means two logs are created for the same object.

Regards,

Ramesh Kumar.

Go to solution
Former Member
In response to Former Member

‎08-05-2015 9:43 AM

0 Kudos

Hi Ramesh,

Yes, I know that if we added an object that is already exist, a new authorization (the node in your statement) will be created under that object.

The problem is, as you can see, the node 41001 isn't visible in the PFCG view (see my attached image), and that's what caused my confusion. Thankfully, Bernhard's answer has cleared the confusion.

Regards,

Andreas