03-08-2016 8:22 AM
Hello,
We are configuring WebService and while checking for technical settings, system throws an error that the WebServices user is missing authorization S_SRT_UASG.
Upon verifying, I saw that the user is having the authorization maintained as below in one of the roles assigned to it.
But still the check for Technical Settings showed that the user is missing the object S_SRT_UASG.
Observing this, I made a test role with the said object and instead of maintaining all the activities, I maintained * and this time the check for technical settings completed successfully.
Could anyone please tell me, what has happened here, why * activity is working and not all the activities maintained individually.
Thanks in advance.
BR
Arya
03-08-2016 9:29 AM
Hi
You can solve the mystery by ST01 authorization trace.
Other "activity" value was checked than you expected.
Regards
Przemek
03-08-2016 9:29 AM
Hi
You can solve the mystery by ST01 authorization trace.
Other "activity" value was checked than you expected.
Regards
Przemek
03-08-2016 10:16 AM
ST01 gives ACTVT as *. Again back to the mystery. Why is system giving * in trace when I have included all the activities at the role level.
Arya
03-08-2016 10:35 AM
answer is:
the authority check in program is looking for '*'
and only this value is valid
03-08-2016 10:52 AM
03-08-2016 11:17 AM
The check is build in include: LTASK_LUWU02
There was a change in this program:
In 7.02.15 - it checks for '*'
In 7.40.07 it ignores ACTVT field
But I don't know when the correction was introduced.
One is clear, your system has lower release than 7.40.07
03-08-2016 10:21 AM
Hi,
Check for any other roles which containing "ACTVT as *". Also look for Auth.Obj "S_TCODE" for the respected tcode for the particular user.
Regards
Praveen
03-08-2016 10:26 AM
Hello Praveen,
I have such a role.
My doubt is why the system is asking to put * and is not working with all the maintained activities which I have showed in my original post.
I hope you got my point now.
I have already solved the issue by putting * but that is not the reason why I have posted this doubt.
BR
Arya
03-08-2016 11:16 AM
This is clearly badly programmed. Hardcoding a '*' or checking a value which is not in the value range (which forces a '*' in the role as well) must be fixed in the coding, and not in the role or SU24.
Correct would be to report it to the developer and not authorized the user until it is fixed (so that it also gets fixed...).
Cheers,
Julius