05-10-2008 12:27 AM
How can we come to know which Authorization object is necessary for Tcode SO01. If possible tell me steps.
05-10-2008 1:35 AM
Hi Sarita,
1.You can find the related authorization objects using SU24 tcode by mentioning the tcode name, the objects which are check/maintained are the objects related to the tcode.
2.Other option would be by using Table USOBT and USOBT_C (SE16 tcode)
3.You can check in SE93, and see what authorization object is being checked from Authority check program.
Rakesh
05-10-2008 1:35 AM
Hi Sarita,
1.You can find the related authorization objects using SU24 tcode by mentioning the tcode name, the objects which are check/maintained are the objects related to the tcode.
2.Other option would be by using Table USOBT and USOBT_C (SE16 tcode)
3.You can check in SE93, and see what authorization object is being checked from Authority check program.
Rakesh
05-10-2008 9:27 AM
Hi,
I would suggest to go for Authorization trace (ST01).
Switch on the trace.
Execute the t-code SO01, do all the changes/viewing which you want to do and analyze the trace file. You will get all the auth objects that are being checked with their respective field values.
Hope this helps,
Cheers,
Hemant
05-12-2008 9:47 AM
The trace is good for finding out if that object is actually called / checked while executing but SU24 would be where I would go.
Just a quick point but make sure that you are on the same application server as the user being traced otherwise you will not get great data.
Cheers,
Simon
05-12-2008 9:53 AM
I agree with Hermant.
SU24 is a useful indicator wheras ST01 will give actual values checked depending on your use of the transaction.
05-12-2008 11:30 AM
Thats correct Alex!
Check/ Check-maintained fields in su24 are of use only if they are checked in the program. ST01 helps in identifying the events which check for the corresponding auth objects. Giving access to auth objects solely on the basis of su24, we may end up giving more accesses than actually required.
Also, many a times, due to security issues, critical auth objects are only checked and not maintained in su24. In that scenario ST01 helps in identifying the actual value that needs to be given for those.
05-12-2008 11:56 AM
>
> I agree with Hermant.
>
> SU24 is a useful indicator wheras ST01 will give actual values checked depending on your use of the transaction.
Also nice to know that objects will appear in the ST01 trace (with RC=0) even if they're set to 'do not check' in SU24.
05-12-2008 11:59 AM
05-12-2008 12:59 PM