05-22-2008 9:35 AM
Hi,
How do I check out whether a user has the authorization to access the table?
Apparently, user cant access shipment creation, Checked in SU53, I cant find any authorization object. Please help. Thanks.
05-22-2008 9:59 AM
05-22-2008 10:06 AM
Could you be more specific. What transaction is the user using?
I ask this because I doubt that a user is creating shipments directly in database tables via SM30 (table maintenance transaction). If he/she is indeed doing it via SM30, he/she we'll need following auth. obj./field=value combination:
S_TCODE/TCD=SM30
S_TABU_DIS/DICBERCLS=<auth. group for accessed table>*;ACTVT=02, 03
*You can find the authorizations group a table belongs to in table TDDAT.
05-22-2008 10:15 AM
the tcode to access is VT01N - To create shipment.
if let's say that there is authority check.
AUTHORITY-CHECK OBJECT 'V_VTTK_TDS'
ID 'TPLST' FIELD vttk-tplst
ID 'ACTVT' FIELD da_actvt.
how do I check whether user has authority to access the authority object 'V_VTTK_TDS'?
05-22-2008 10:17 AM
Explore transaction SUIM.
Lots of authorization, user and role/profile related reports.
05-22-2008 10:35 AM
To find a role that could provide the necessary authorizations do:
SUIM >> Roles/By Authorization Values >> *Enter these values >> Execute
*
Object 1 = V_VTTK_TDS
Activity = 01
Transportation planning point = <whatever the user enters in "TransportPlanningPt" field on VT01N initial screen>
I'm not familiar with the transaction so I can't really say what authorizations are required to perform the full range of actions.
As someone already pointed out, running a trace (via ST01) on the user while he/she is using the transaction is the best way.
05-22-2008 10:37 AM
Hi ,
You can check using txn suim which roles he is accessing. Check this transaction is assigned which role and opend that particular role.
Check this object 'V_VTTK_TDS' if this object there check authorization values. if not there you can add this object manually otherwise check su24 txn if this object maintained or not.
Siva
05-22-2008 2:41 PM
Hi,
You can check through the T-Code SU56.
Go to SU56 -> Go to the menu Authorization Values -> Click on 'Different User/Authorization Object'.
In the upcoming dialog give the user name and the Authorization Obj name.
It will show you whether the Authorization Object has been added to this user or not; and also the fields and their values if the object contained by the profile assigned to the user.
Regards,
N.Amarnath
05-23-2008 3:05 AM
May I kno how do I add the missing authorization code to the particular user?
05-23-2008 6:02 AM
Two common ways of doing this is to either add the transaction to the menu tab of the role, or to maintain the authorization as a "proposal" in Su24 for an existing transaction (an appropriate one of course).
Perhaps you should consider taking a training in authorization administration or read the application help on PFCG at least before you do this by trial-and-error? Just an honest piece of advise.
Cheers,
Julius
05-23-2008 6:53 AM
Thanks Julie. This was suppose to be basis kind of job to do, but i do hope to take up something to learn, do you have any good recoomendation tutorial on this type of secuirty topic?
05-23-2008 7:05 AM
I think it differs from company to company who is supposed to do authorization and user admin, also who has access to it. "Basis" often tend to pick up all the dirt which no one else wants to do or for which there is no process. It is a pity actually.
Regarding tutorial, I am not sure. Alex Ayers and I wrote a blog on the topic a while ago, but it is not a step-by-step guide. The documentation on transactions PFCG and SU24 is probably the best place to look.
Cheers,
Julius
05-23-2008 7:10 AM
05-23-2008 7:22 AM
SAP Library is a good place to start. Wealth of information. Sections on Identity Management and Security is what you're looking for.
Pick the product your company or client uses and read up.
[http://help.sap.com/]
05-23-2008 7:23 AM
Here is the blog I was referring to: /people/julius.vondembussche/blog/2008/04/19/how-to-get-hit-by-the-abap-authorizations-bus-and-survive-to-tell-the-tale--part-1
(sorry, I don't mean to advertize the blog, just to share it
The application help can be found by starting the transaction and then selecting from the menu Help => Application help.
This is also release dependent documentation which is a better source, as things change over time.
Cheers,
Julius
05-23-2008 3:13 AM
Is there a place to set only particular users are able to access this tcode, example :zxxx?