09-14-2007 10:27 AM
Hi,
I have a set of roles. I assigned that set of roles to a user for his QA and production access. In QA he is able to do it, but with the same set of roles in production he is not able to. In the QA system he is able to perform the rehiring action through PA40, but in production he is not able to do so.
Please throw some light on why the system is behaving like this; moreover, our QA system is a recent refresh of the production system.
With the same set of roles and some additional roles another user is able to do this, but this user is not able to do it?
Thanks and Regards,
Visali.Malepati
09-14-2007 9:55 PM
Hi,
I would like to suggest that you do a role comparison and make sure the roles in both systems are the same, then try to figure it out with an SU53 or ST01 trace, which I am sure will help you. In case you still have doubts, reply back.
Regards
Puneet
09-14-2007 12:17 PM
09-14-2007 1:45 PM
Please also check the user group parameter (UGR) to see whether the QA and PRD values are the same.
09-17-2007 3:20 AM
Hi Dimitri,
The user group parameter is the same in UAT and Production, that is 25.
UAT is a recent refresh of production.
Thanks and Regards
09-14-2007 7:36 PM
I would also run PFUD to make sure all users have the current version of the role. Then check the Profile tab and make sure there is no additional profile that is giving access to one user and not the other... like SAP_ALL (Ohh no NOT that one!!!).
Hope that helps.
Regards,
Paul
09-17-2007 3:21 AM
Hi Paul,
User is not having authorization to use this transaction PFUD in production.
Thanks and Regards.
Visali Malepati.
09-14-2007 9:34 PM
Excellent suggestions from all the replies above. If you still can't figure it out, run a trace ST01. Then research the missing authorization.
Good Luck.
09-17-2007 3:23 AM
Hi John,
As mentioned before, the user is not authorised to use ST01 in production.
Thanks and Regards
Visali Malepati.
09-17-2007 5:45 PM
Visali,
That is a good start "User cannot run ST01". At least you have secured this transaction from the general user population. You will be running ST01 and not the user.
I will read the rest of the thread and reply if your question hasn't been answered.
09-18-2007 6:55 AM
Hi John,
I think we need to run ST01 using the user's login ID, right? I am an ABAPer so I seldom use this transaction code. The user does not have authorization to use this transaction.
I would like to know the impact if I reset the user buffer in SU53 in the production system. I am afraid it will cause some side effect. I even raised an OSS message but got no reply.
Thanks and Regards,
Visali.Malepati
09-18-2007 6:16 PM
Visali,
Have the user log on, and before he/she is about to run the transaction that is failing, run ST01 with authorization checked. After the authorization failure, analyze the trace. Enter the user ID and check for 12s (hard failures); sometimes you might also need to correct the soft failures of 4s.
Good Luck.
09-17-2007 3:37 AM
Hi Puneet and Chaitanya,
Regarding SU53.
It is showing
Authorization level = W
Infotype = 0000
Personnel Area = *
Employee Group = *
Employee Subgroup = *
Subtype = *
Organization Key = *
The user has more than what is required in two roles.
1 Z_CC-ESS
Authorization level = *
Infotype = 0000
Personnel Area = JTC* ( We have only with JTC*)
Employee Group = *
Employee Subgroup = *
Subtype = *
Organization Key = ESS ( We have two organization keys one is ESS and other one Prof)
and in another role (Z_CC-Prof)
Authorization level = *
Infotype = 0000
Personnel Area = JTC*
Employee Group = *
Employee Subgroup = *
Subtype = *
Organization Key = Prof
Both these roles are assigned to the user, and user compare has been done for both roles in production.
I read in one thread about buffer overflow. Does anyone have any idea about buffer overflow? Please throw some light on buffer overflow.
In the SU53 tcode there is one option under the menu tab "Authorisation values", that is "Reset user buffer". What is this for?
Thanks and Regards,
Visali Malepati.
09-17-2007 7:08 AM
Hi
Users will be able to get authorization from the first 312 profiles (in some versions only 300 profiles) assigned to them.
Check the number of profiles that the user has in Production.
If it is greater than 312, then the user will not get the access of the exceeding profiles.
09-18-2007 7:00 AM
Hi Sushil,
I checked the user's profiles under the Profile tab of the SU01 screen. There are not even 30 records. So is there any other thing that is overriding in production for this user?
Thanks and Regards
Visali Malepati.
09-18-2007 7:12 AM
The answer is in your SU53.
The SAP system requests * for Personnel Area and Organisation Key, so please create a role with that wide authorisation and retest.
09-18-2007 7:22 AM
Hi Auke,
We have personnel areas starting with "JTC" only and we have only two organisation keys, that is ESS and PROF. Both these accesses are given to the user through two separate roles, and moreover with this same set of roles the user is able to do it in the QA system and the development system. And moreover another user is able to perform PA40 with this set of roles even in production. But I am facing the problem with this user only.
Thanks and Regards
Visali Malepati
09-18-2007 8:04 AM
I suggest to try to create a role with values star and test to see if it solves the issue. As in SU53 it demands the star value.
09-17-2007 7:22 AM
Hi,
By your SU53, it is asking for
Personnel Area = *
and in your existing two roles you have JTC*
1 Z_CC-ESS
Personnel Area = JTC* ( We have only with JTC*)
and in another role (Z_CC-Prof)
Personnel Area = JTC*.
Check this field.
I hope it will work.
Regards
Suresh
09-18-2007 7:55 AM
Hi
Are you also using structural authorization in the Production system?
If this is the case it will not show missing authorization in SU53.
Sushil
09-18-2007 8:19 AM
Hi Sushil
If we use structural authorizations, then how do we get the missing authorization?
I strongly believe that there is no missing authorization for that user. Somewhere there is some setting I need to make, or I need to reset the user buffer in transaction code SU53. Before resetting the user buffer, I want to do the impact analysis of that, as the problem is on the production server. I am afraid that if anything happens, the user will make noise. If you have any idea please let me know.
Thanks and Regards
Visali Malepati.
09-18-2007 11:28 AM
Try to execute this report in SE38
RHPROFL0
If this shows output, then your system is configured for Str Auth.
Check this tcode also: OOSB
If Str Auth is directly assigned to a user, it will be available in OOSB.
Str Auth restricts the user's access after the user gets access from the general profile (PFCG roles).
09-18-2007 1:20 PM
There is one additional thing to bear in mind. Although you use Structural Authorisations, roles that have * (STAR) values overrule any Structural Authorisation setup.
So when SU53 tells you that it wants to see a STAR in a structural field, you simply have to build a role with the STAR in the field or you will get an authorisation error. And that has NOTHING to do with structural authorisations!!
09-21-2007 12:20 PM
Use this report to reset the user buffer in all clients:
RSUSR405.
It will reset only the user authorization.
09-19-2007 5:15 AM
I agree with Auke Visser.
Try assigning the * value where it is required and test once.
Your problem will be solved.
Regards
Suresh
09-19-2007 10:35 AM
Hi Visali
Sometimes you need to check the data too. Take a look at the personnel number in organizational assignment (you can use PA20): is it in your personnel area or not?
Regards