09-11-2007 12:50 PM
Hello,
does anyone knows the behaviour of * in S_tcode aothorization object.
1) If i assign ME* in S_Tcode in role manually.do i will get auth ME00 and ME01 tcode execution rights.
but in my case i am not able to execute ME01.
Regards
Nilesh
09-11-2007 12:56 PM
You will pass the check on tcode (S_TCODE) but if the transaction checks other auth objects then unless you have them, you won't be able to run the transaction. You can find out what you failed on by using transaction SU53.
p.s. don't put * in S_TCODE if you can help it.
09-11-2007 12:56 PM
You will pass the check on tcode (S_TCODE) but if the transaction checks other auth objects then unless you have them, you won't be able to run the transaction. You can find out what you failed on by using transaction SU53.
p.s. don't put * in S_TCODE if you can help it.
09-11-2007 1:33 PM
You are likely missing access to auth objects - M_ORDR_WRK and / or M_ORDR_EKO. Depending upon where the SAP ABAPer put the auth object check - sometimes you would be allowed to execute the transaction code and get stopped when you attempted to go further - other times it will not even let you execute the tcode though you may have access to the tcode.
Agree with Alex - using wildcards in S_TCODE is not recommended as it bypasses the "benefits" of profile generator.
09-11-2007 1:43 PM
Thanks alot JC and alex for the reply
But i want to know the behaviour of wildcard in S_tcode
If i give a range ME*--ME21 in S_tcode then it should give me access to ME00 and ME01 (if associated auths are there in profile)
but when i check through SUIM it shows ME00 and ME07 authorization.
Hope you got the point
Regards
Nilesh
09-11-2007 2:16 PM
If you give ME* - ME21 then you will get all tcodes starting with ME as you have given a values that supersedes ME21 (ME*)
If you are reporting via SUIM then it is possible that it is reporting transactions that are entered in the menu or evaluating the complete tcodes it sees in object S_TCODE.
I don't have a system in front of me to check right now, but every system I have used will give you access to pass the auth check against S_TCODE for all tx starting with ME if you enter ME* into the S_TCODE object.
09-11-2007 3:43 PM
Depending upon the selection critieria in the SUIM reports, it will check for different areas of your role. If you are running the role report and you select by tcode, then the report only checks the menu section of your role for tcodes. To check for all values that are in the S_TCODE auth object, you will need to select by auth object values so input the S_TCODE and the value range - this will check the auth object section (AGR_1251) of your role.