Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization Missing, when all the activites are maintained

Go to solution
Former Member

‎03-08-2016 8:22 AM

0 Kudos

Hello,

We are configuring WebService and while checking for technical settings, system throws an error that the WebServices user is missing authorization S_SRT_UASG.

Upon verifying, I saw that the user is having the authorization maintained as below in one of the roles assigned to it.

But still the check for Technical Settings showed that the user is missing the object S_SRT_UASG.

Observing this, I made a test role with the said object and instead of maintaining all the activities, I maintained * and this time the check for technical settings completed successfully.

Could anyone please tell me, what has happened here, why * activity is working and not all the activities maintained individually.

Thanks in advance.

BR

Arya

Preview file
54 KB
Preview file
9 KB
1 ACCEPTED SOLUTION

Go to solution
Private_Member_69416
Active Participant

‎03-08-2016 9:29 AM

0 Kudos

Hi

You can solve the mystery by ST01 authorization trace.

Other "activity" value was checked than you expected.

Regards

Przemek

8 REPLIES 8

Go to solution
Private_Member_69416
Active Participant

‎03-08-2016 9:29 AM

0 Kudos

Hi

You can solve the mystery by ST01 authorization trace.

Other "activity" value was checked than you expected.

Regards

Przemek

Go to solution
Former Member
In response to Private_Member_69416

‎03-08-2016 10:16 AM

0 Kudos

ST01 gives ACTVT as *. Again back to the mystery. Why is system giving * in trace when I have included all the activities at the role level.

Arya

Go to solution
Private_Member_69416
Active Participant
In response to Private_Member_69416

‎03-08-2016 10:35 AM

0 Kudos

answer is:

the authority check in program is looking for '*'

and only this value is valid

Go to solution
Former Member
In response to Private_Member_69416

‎03-08-2016 10:52 AM

0 Kudos

There is no check as per the program.

Go to solution
Private_Member_69416
Active Participant
In response to Private_Member_69416

‎03-08-2016 11:17 AM

0 Kudos

The check is build in include:  LTASK_LUWU02

There was a change in this program:

In 7.02.15 - it checks for '*'

In 7.40.07 it ignores ACTVT field

But I don't know when the correction was introduced.

One is clear, your system has lower release than 7.40.07

Go to solution
former_member183044
Active Participant

‎03-08-2016 10:21 AM

0 Kudos

Hi,

Check for any other roles which containing "ACTVT as *". Also look for Auth.Obj "S_TCODE" for the respected tcode for the particular user.

Regards

Praveen

Go to solution
Former Member
In response to former_member183044

‎03-08-2016 10:26 AM

0 Kudos

Hello Praveen,

I have such a role.

My doubt is why the system is asking to put * and is not working with all the maintained activities which I have showed in my original post.

I hope you got my point now.

I have already solved the issue by putting *  but that is not the reason why I have posted this doubt.

BR

Arya

Go to solution
Former Member
In response to former_member183044

‎03-08-2016 11:16 AM

0 Kudos

This is clearly badly programmed. Hardcoding a '*' or checking a value which is not in the value range (which forces a '*' in the role as well) must be fixed in the coding, and not in the role or SU24.

Correct would be to report it to the developer and not authorized the user until it is fixed (so that it also gets fixed...).

Cheers,

Julius