cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorisation Missing.....Urgent

Go to solution
Former Member

on ‎05-15-2007 6:20 PM

0 Kudos

Hi All,

Iam facing a problem with authorisations with a particular role.

The problem is like the user is not having authorisation access to get SU53 screen shot he can only get job log.

The job log is as follows...........

when user tries to run DB13 he is getting error as...............

====================================================

Job log

job started

step 001 started (program RSDBAJOB variant &0000000000295 ,User TNP:SYS:ADM2)

Execute logical command BRARCHIVE on host SSAPTDB

parameters: -u / -c force -p initJVI.sap.adsm.archive -cds

SXPG_COMMAND_EXECUTE failed for BRARCHIVE - reason no permmission - Authorisation object S_RZL_ADM miss

job cancelled after syatem exception ERROR_MESSAGE

===================================================

I have checked for auth.object S_RZL_ADM from role.Everything is fine but i couldnot trace out why the user is getting such a job log....

Please give me the solution.........

What could be the problem?

Please help over this.........

With Regards

Swapna.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-15-2007 9:44 PM
0 Kudos

Hello Swapna,

What are the values assigned in the fields of S_RZL_ADM to the user TNP:SYS:ADM2?

Regards.

Ruchit.

Show replies
Show replies
Former Member
‎05-15-2007 9:56 PM
0 Kudos

Hi Ruchit,

The values assigned to user TNP:SYS:ADM2 for auth.object are

S_RZL_ADM ==> ACTVT = 01,01-03,03 & 08.

Small clarification Ruchit,

from the above statement auth.object contains redundant access ie ACTVT= 01 and 03.it contains twice 01 and 03.

My doubt is if there is redundant access,will the user get such type of job logs or it may be due to some other problem.

For any auth.object what happens if there is redundant access.can you give me brief idea about this.

Please explain briefly.......

How can i solve the above issue.

Thank You,

Swapna.

Former Member
‎05-15-2007 10:21 PM
0 Kudos

Hello Swapna,

Reduntant access should not cause any issues.

However I will suggest this.

Instead of specifying the activities explicitily just give a * in the activity field meaning access to all activities but nevertheless the value should be stated as *.

TNP:SYS:ADM2 is clearly the step user. In case he is also the job owner in other words a disalog user using which you are logging into SAP then log out and relogin after give activty as *.

Now reschedule the job and see if it runs successfully.

Regards.

Ruchit.

Former Member
‎05-16-2007 6:37 PM
0 Kudos

Hi Ruchit,

Thank You Very Much for your response.

There is no problem for giving * access to Auth.object S_RZL_ADM,but we cannot give * access as our wish.

This is only the solution for job log what i have mentioned above or just normally.

b'coz i cannot add * access for the user unless i get approval from our manager.

If this is only the solution for the above job log,I can proceed with that.

Before that is Basis Admin need * access for auth.object S_RZL_ADM?

Is it must or just b,coz of job log we need to add * access.

Please explain briefly.

Thank You,

Swapna

Former Member
‎05-16-2007 6:43 PM
0 Kudos

Hello Swapna,

S_RZL_ADM is for basis activities. Nothing wrong in giving * or giving full authorizations to basis users for this. Also you can not stop critical activities like DB13 for sake of authorizations!!.

It is after all just * in S_RZL_ADM and not SAP_ALL.

I would really suggest giving * and then trying again. Frankly it should have worked with 01 and 03 but now it is not * is needed. Please try it at least first and see if it solves the issue.

I have * in my production environment for S_RZL_ADM.

Regards.

Ruchit.

Former Member
‎05-17-2007 3:33 AM
0 Kudos

HI Ruchit,

Thank You Very Much.........

I will try for that by giving * access

Hope it works fine...

I will let u know

ok ......

Bye

With Regards,

Swapna.

Answers (2)

Answers (2)

Former Member
‎05-16-2007 8:01 AM
0 Kudos

Hi,

Ruchit is correct.

First remove the activities, and provide full access ie " * ", check.

And plz. delete repeated autho. objects, activities.

Redudency will cause performance issue ie slow response.

Show replies
Show replies
Former Member
‎05-16-2007 9:06 AM
0 Kudos

Hi MSR,

While your suggestion for redundancy is good one but we dont need to bother too much about it . SAP takes care of duplicates itself and deletes them while sorting them into an internal table.

Check function module SUSR_AUTHORITY_CHECK_SIMULATE for this.

clear auths. refresh auths.

loop at values.

auths-objct = values-objct.

auths-auth = values-auth.

append auths.

endloop.

sort auths.

delete adjacent duplicates from auths.

Anyways it is good practice though we dont need to bother for it in this particluar case. Performance wont get affected by it in a big way.

Regards.

Ruchit.

Former Member
‎05-16-2007 9:12 AM
0 Kudos

Hi Swapna,

You can trace the user using st01 transaction... user do not reqire autorization on transaction st01..

Regards

Ben

Former Member
‎05-15-2007 8:36 PM
0 Kudos

Hi,

It is problem with operating system level group assignment.

Regards

Ben

Show replies
Show replies
Former Member
‎05-15-2007 8:38 PM
0 Kudos

hi,

you can trace using transaction ST01

Regards

Ben

Former Member
‎05-15-2007 9:49 PM
0 Kudos

Hi Ben,

Thank You for your reply.

But the user cannot run ST01 also........

Is there any alternate solution for this issue.If so Please help me.

Thank You.

Swapna.

Ask a Question