cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization check for Personas objects

Go to solution
Former Member

on ‎04-19-2016 1:12 PM

0 Kudos

Hey everyone!

I have faced issue regarding Personas authorization object. When I use stauthtrace to evaluate authorization issues user is has while executing transaction, it gives me, inter alia, response that this user has missing authorization for Personas, but this user doesn't need anything else that use and change flavor... why is this an issue here?

Thank you in advance

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

dominik_ofenloch
Participant
‎04-20-2016 12:37 PM
0 Kudos

Hi Diana,

thank you very much for your question. Basically you have to ignore these kinds of failing authority checks. During Personas Runtime / Backend initialization we check the users authorizations and set the corresponding editor and runtime features to enabled or disabled.

For example in case a user opens the Flavor Gallery we always have to check whether the user is a runtime admin and therefore we have to load all flavors available for the current transaction.

I'll check out with our development colleagues whether we can minimize the authorization checks appearing in the log.

Best regards,

Dominik

Personas ABAP Development Lead

Show replies
Show replies

Answers (3)

Answers (3)

dominik_ofenloch
Participant
‎05-20-2016 8:30 AM
0 Kudos

Hi Diana,

can you please implement SAP note 2317313 in SP02 or implement SP03. This should already help minimizing the number of authority checks. I'll investigate further and check whether we can do other changes.

Best regards,

Dominik Ofenloch

Personas ABAP Development Lead

Show replies
Show replies
Former Member
‎05-26-2016 9:14 AM
0 Kudos

Hi Dominik,

first of all thanks for remembering this issue

I implemented the note, but the authorization check still run in the same manner, this fixed only authorization checks for SMEN transaction.

We will evaluate the possibility to implement SP03.

Thanks, Diana

Colleen
Advisor
Advisor
‎04-19-2016 1:49 PM
0 Kudos

I'm not across personas but would ACTVT 03 fix the issue. The trace file looks like it's looping through each activity of P_RUNTIME to see if the user has access?

Show replies
Show replies
Former Member
‎04-19-2016 2:23 PM
0 Kudos

We don't quite want to give user authorization 03 - manage flavors. Users needs only 01 and 02, all the rest are for editing - functions that admin are responsible for.

But either way - it did not fix the issue. This did not help.

Thanks though for advising,

Diana

cris_hansen
Advisor
Advisor
‎04-19-2016 3:06 PM
0 Kudos

Hi Diana,

The role /PERSONAS/CONSUMER_ROLE shows the following auth objects:

Framework (UI Type)        *
Runtime Activity           01, 02, 03

Application ID or Transaction  *

Do you have something different for the user in question?

Regards,

Cris

cris_hansen
Advisor
Advisor
‎04-19-2016 3:21 PM
0 Kudos

Hi Diana,

Is it possible to share a concrete example of what the user tried to do?

I would like to test in my system and see whether I have similar results.

Thank you,

Cris

Former Member
‎04-19-2016 3:50 PM
0 Kudos

This error is accurate for all users that have also assigned personas role (copied from /PERSONAS/CONSUMER_ROLE). All they do is logon with their userID into Screen Personas or regular GUI, although all transaction buttons are available and usable, system issues this authorization in SU53 as well as in STAUTHTRACE.

Diana

cris_hansen
Advisor
Advisor
‎04-19-2016 4:48 PM
0 Kudos

Hi Diana,

I gave to a test user the Personas consumer role + execution access to SMEN and SU53 - no other access. I ran into the same authorization check not successful as you did.

The case here is that method IS_USER_AUTHORIZED from class /PERSONAS/CL_AUTHMGR_BASE receives all P_ACTVT_RT values (i.e. '*'). Thus, it is execpted that for consumer role, you find the fail for activities 04, 05, 06 and 07.

Regards,

Cris

Former Member
‎04-20-2016 8:20 AM
0 Kudos

Hi Cris,

So basically, we should just ignore this?

Diana

cris_hansen
Advisor
Advisor
‎04-19-2016 1:18 PM
0 Kudos

Hi Diana,

Could you check whether SAP note 2276155 is implemented in the system?

Thanks and kind regards,

Cris

Show replies
Show replies
Former Member
‎04-19-2016 1:27 PM
0 Kudos

Hi Cristiano,

Yes it is implemented in the system.

Diana

Ask a Question