06-26-2008 10:14 AM
Hi Gurus,
I am facing very strange error. we have desinged few pfcg roles for CEO reports.
I created 1 user, test_ceo & tried to run report, it shows auth. error, even though all required auth. are present.
Then i copied test_ceo to test_ceo1. Then i ran report for test_ceo1 & miracle, it is working.
I have done user comparison & tried everything.
Please i m curious to know, If the report is running for test_ceo1 with same pfcg role as for test_ceo. Then why reports showing auth error for test_ceo ??????
<removed_by_moderator>
Imran
Edited by: Julius Bussche on Jun 26, 2008 9:18 AM
06-26-2008 11:06 AM
hi imran,
are you using structural authorizations? does the trace tell you which check(s) is/are unsuccesful for the test_ceo user?
is it a standard report or a custom one?
06-26-2008 11:13 AM
Hello Imran,
if the authorization buffer (table usrbf2) is really identical for both users -
a) maybe there are some application specific settings for user test_ceo (maybe the user existed already some time ago??).
b) try to find out, if really the authority-checks cause the authorization-missing-message. I know of some problems, whenapplication used wrong eror-/warning-messages.
b.rgds, Bernhard
06-26-2008 11:45 AM
if the report is an ABAP report look in SQ03 if both users are added to the right usergroup.
Also compare the user parameters especially the ones that start with AQ
06-26-2008 6:23 PM
Hi Imran
try deleting the test_ceo id and reanme the test_ceo1 id to test_ceo and see if it gives the same auth error.
sometime this works.
May be user buffer issue.
Thanks and Good Day
Santosh Kumar
06-26-2008 9:52 PM
Sometimes, in special cases, the developers or other functional consultants do not understand the security concept, or they don't have one to use, or they have no faith in the one which they do have, anymore... at which point they create "check tables" in which the user ID's names of those authorized to run the report can be maintained via a view or other less sophisticated approaches. This is sometimes also the reason why they claim that they cannot perform their work in production systems without SAP_ALL.
This is less primitive than hard coding the user names into the report itself... which was the era before the check table approach, before they realized that they had to maintain the report code itself all the time. This is sometimes also the reason why they claim that they cannot perform their work in production systems without developer keys for them.
If my above rant is the explanation for this strange behaviour, then you will most likely find it by scanning the report code for use of the system field "SY-UNAME".
(Use the binoculars or report RPT_SCAN_SOURCE - not sure of the exact spelling though).
Cheers,
Julius
06-27-2008 9:16 AM
06-29-2008 8:07 AM
Thanks all for answering...
I moved same pfcg role to quality and there it is working for test_ceo user.
It might be auth. buffer issue in development system.
as go-live is near, i will check troubleshoot exact issue later and post again, so that it will be helpful for others.
06-29-2008 10:43 AM
> I moved same pfcg role to quality and there it is working for test_ceo user.
If it is a check table causing this, then the 'test_ceo" user might be missing in the table in DEV.
Another possibility is that a user parameter is not SET, and the program is trying to GET the parameter: Compare the parameter tabs in SU01 for them in DEV and QAS.
When you say it is not working, what is happening? Program stops? Exits? Uses wrong screen? Termination of the program? Short dump?
08-06-2008 11:42 AM