F-32 Tcode Authorization

Similar Messages

• Custom Tcode Authorization Error

  Dear Security Gurus,
  We are getting an authorization while testing Custom Tcode. This tcode is used for Uploading data.
  The authorization error shows missing Activity field value and a field called Operating Concern.
  The SU53 and the Trace(ST01) show the same error even though the role that is assigned to the user has exactly the required values.
  Also Authority Check in the Program of the tcode is maintained for only the Activity field and Operating Concern field.
  Hence we are unable to figure out why the auth. issue occurs even though the role assigned to the user has the missing values
  Please let me know how I can resolve this authorization issue.
  Regards,
  Arjun

  Hi ,
  Below is the Authority check section of the tcode :
  START-OF-SELECTION
    PERFORM F_AUTHORIZATION_CHECK
      AUTHORITY-CHECK OBJECT 'YTIPRC01' ID 'CEERKRS' FIELD P_ERKRS ID 'ACTVT' FIELD '01'
    PERFORM UPLOAD_DATA
      CALL FUNCTION 'GUI_UPLOAD'
        AUTHORITY-CHECK OBJECT 'S_GUI' ID 'ACTVT' FIELD '60'
  Even though I have the ACTVT value 01 and the corresponding CEEKRS (Operating Cncern ) Value in the role I still get the error.
  Thanks,
  Arjun

• BDC without tcode authorization

  Dear Freinds,
  how to run bdc program at end user end who dont have tcode (MM02)authorization ,please give me the function or or abap code or ay other way so tht i can bypass this authorization check process.
  Thanks Naveen

  Hi,
  Simply create a program and use inside CALL TRANSACTION tcode USING bdc_tab . This overcomes authority checks as long as it is configured to do so. Check transaction SE97 where you can switch that off (by default it is off). Then the user, who is not allowed to enter MM02 mormally, will be able to run this program and access tcode without authority check.
  Regards
  Marcin

• Tcode authorization without any role or profile

  Hi Experts ,
  Can you please suggest on authorization issue , if observed that one Tcode not given in to any roles or profile but some user still using this authorization.
  When I checked role and profile for such user using the SUIM still it shows no data.
  So is there any other way to assign direct Tcode without using any role or profile.
  Thanks in advance .

  not sure how you are using SUIM to check, just to be sure, use the complex selection method or the authorization values method. the by transaction method only check for transactions that were added via the menu.
  look for object= S_TCODE, value=(the transaction code)
  SUIM will then calculate if the transaction code was added manually and as part of a wild card or a range.
  i.e. if the transaction was MM02 it will be accessible if the S_TCODE had
  wild card value M*, MM*, MM0* or
  range value A*-Z*
  Otherwise, it is possible that it was called indirectly and the BADI does not perform a S_TCODE check.

• Transaction Launcher - TCode Authorization Issue for ERP transaction

  We are trying to implement an ERP transaction in the CRM WebUI via the transaction Launcher.  Everything has been set up properly and the transaction appears in the nav bar.  I am running it to launch a new window.  When i click on it, a new window pops up, with transaction IC_LTXE and an error saying
  *"You do not have authorization to view transaction ZSD_IC".*
  Everything seems to be set up properly and we can access the transaction with the same user id in ERP. He has SAP_ALL.
  Does this have anything to do with IC_LTXE?  Is there anything special i need to do to assign proper authorization to this user.
  Thanks,
  jeremy

  Hello Jeremy,
  We are trying to execute R/3 transaction from Transaction Launcher but we are facing problems.
  In order to execute transactions from TL we have copied object TSTC to ZTSTC  in both systems and use the method Execute to be used from Transaction Launcher customizing. Then we have customized T. Launcher in order to get two links, one to R3 transaction  (using the object ZTSTC, method execute and XD03 as value parameter) and one to CRM transaction (using the object ZTSTC, method execute and CRMD_MKTDS as value parameter).
  When we execute the TL link to CRM, transaction works properly through ITS, but executing the link to R3 transaction we receive the following popup message:u2018Logged Off Successfully. You have been logged off from SAP NetWeaver Application Server.u2019 the screen gets in blank and no further actions are executed.
  In order to correct the fail we have implemented these notes, but the problem still remains.
  0001224663 Launch of Front Office with Transaction Launcher fails
  0001263716 Launching Front Office Process using Transaction Launcher
  Based on your experience could you help us to get the right configuration to reach R/3 transaction through Transaction Launcher.
  Thank you very much in advance.
  Best regards.

• TCode Authorization issue

  Hi experts,
  I have one small but a bit complicated requirement.
  We are dealing with shipment(VT02N) and delivery(VL32N). First we are displaying a report in which delivery and shipment related to that delivery are displayed. Now there are four case: -
  Case 1: -
  Delivery A is open in edit mode and another user tries to open the same delivery in edit mode. User will get message that delivery "Delivery A" is under processing by another user and display delivery in . It is working fine.
  Case 2: -
  Shipment A is open in edit mode and another user tries to open the same shipment in edit mode. User will get message that delivery "Shipment A" is under processing by another user. It is also working fine.
  Case 3: -
  Delivery A is open in edit mode and another user tries to open the shipment related to this delivery in edit mode. User should get message that delivery "Delivery A" related to shipment "Shipment A" is under processing by another user. This is where I need help.
  Case 4: -
  Shipment A is open in edit mode and another user tries to open the delivery related to this shipment in edit mode. User should get message that shipment "Shipment A" related to delivery "Delivery A" is under processing by another user. This is where I also need help.
  Can any one please help me that which function module and what line of codes can help me?
  Thanks
  Siddarth

  I got no resolution from forum but one of my senior team member resolved it.

• List of new tcodes in BI 7.0

  Hello All,
  we are planning to upgrade from BW3.5 to BI 7.0 , i want to know list of new tcodes which will be coming to BI envoirnment,
  please tell me know what all  are new tcodes, authorization objects,fields are coming to BI7.0 also i have run SU25 but i can not find RSECADMIN in any roles , please suggest where can i find all the new tcodes .
  Thanks
  DK

  Hi DK,
  please go through the links.
  Re: TCodes and Tables
  TCODE's in BI 7.0
  Authorization - BI 7.0
  Hope this helps u.
  Thanks,
  Sai Chand

• No authorization for changing Customer Centrally- Idoc in Error Status 51

  Hi Experts,
  We are implementing MDM for one of the client.
  The client  runs a  modification scenario in MDM for Customer Master.
  He modifies a customer record in MDM and this record is transfered from MDM to ECC via PI through Idocs.
  We are using standard Idocs for Customer Master which is DEBMDM
  There are 2 Idoc's generated in ECC by PI from DEBMDM as DEBMAS and ADRMAS.
  ADRMAS Idoc is succesfull in ECC and the corresponding record is modified.
  Now the issue is that the corresponding DEBMAS Idoc goes into Error 51.
  The Error details is as below:
                                                                                  No authorization for changing vendor Centrally                                                                               
  Message no. F2326                                                                               
  System Response                                                                               
  You cannot access the requested data.                                                                               
  Procedure for System Administration                                                                               
  If necessary, include an entry in the user's authorization profile for  
      the authorization object and parameters specified below.                                                                               
  Authorization object:                                                                               
  o   F_KNA1_APP                                                                               
  Parameters:                                                                               
  o   Activity: 02
      o   Application authorization : *
  We gave the respective authorization object to the RFC User ID used in PI RFC created to connect to ECC.
  Also we have given the user id  Tcode authorization like XD01/02/03.
  But this error still persists.
  Request to throw some light on this.
  Cheers
  Dhwani

  Check these threads
  [Re: IDOC STATUS - 51 " IDOC HAS TEST STATUS|IDOC STATUS - 51 " IDOC HAS TEST STATUS";
  [Error Inbound IDoc - Status 51|Error Inbound IDoc - Status 51;
  thanks
  G. Lakshmipathi

• 5.2  --  GOTO SE16 and enter TSTC for TABLE NAME.  TCODE FIELD /VIRSA*

  Should the following tcodes work?  If so, how do I troubleshoot the ones that don't work?  If not, how do they get configured to work?  Can someone provide a link for documentation?
  TCODE                                  TTEXT                              
  /VIRSA/ALERTGEN                  Activity Monitoring                
  /VIRSA/MICCONFIG                  Virsa MIC User mapping Configuration
  /VIRSA/ORGUSRMAPPING    Maintain ORGUSERS table            
  /VIRSA/RE_DNLDROLES       Role Expert 4.0                    
  /VIRSA/VFAT                  Firefighter                        
  /VIRSA/VRMT                  Role Expert                        
  /VIRSA/ZMGMTRPT                  Management Report Graphical View   
  /VIRSA/ZRTCNFG                  Risk Terminator Configuration      
  /VIRSA/ZRTDELLOCK            Delete Role Lock                   
  /VIRSA/ZRTRGLOG                  Risk Terminator Role Generation Log
  /VIRSA/ZVFAT_U02                  FirefightId Log summary            
  /VIRSA/ZVFAT_U03                  Reason/Activity report             
  /VIRSA/ZVFAT_U04                  FirefightId Transaction Usage      
  /VIRSA/ZVFAT_U05                  Invalid Firefighter Ids/Owners/Cntrl
  /VIRSA/ZVFAT_U06                  SOD Conflicts in Firefighter       
  /VIRSA/ZVFAT_U07                  Data Migration from Master to Text 
  /VIRSA/ZVFAT_V01                  Log Report                         
  /VIRSA/ZVFAT_V02                  Log Report                         
  /VIRSA/ZVRAT                  SAP Compliance Calibrator          
  /VIRSA/ZVRATBAK1                  Update data for Mgmt Graphical View
  /VIRSA/ZVRAT_C01                  Security & Controls Policies       
  /VIRSA/ZVRAT_COVN            Conversion of CC tables, Old to New
  /VIRSA/ZVRAT_D01                  Download Spool Requests by Job Name
  /VIRSA/ZVRAT_L01                  Conversion Utility for CC Text Table
  /VIRSA/ZVRAT_L02                  Conversion Utility for Long Texts  
  /VIRSA/ZVRAT_M01                  Upload/Download CC tables          
  /VIRSA/ZVRAT_M02                  Where Used list of Mit. Control Id/M
  /VIRSA/ZVRAT_M03                  Analyze disabled SOD TCode & Object
  /VIRSA/ZVRAT_M04                  Optimizer for SOD Data Table       
  /VIRSA/ZVRAT_M05                  Where Used list of  Control Id/Monit
  /VIRSA/ZVRAT_MG1                  Management Cockpit                 
  /VIRSA/ZVRAT_P01                  Display changes to Profiles        
  /VIRSA/ZVRAT_R01                  Count authorizations in roles      
  /VIRSA/ZVRAT_RB2                  Rule Architect                     
  /VIRSA/ZVRAT_RB3                  Rule Architect Conversion          
  /VIRSA/ZVRAT_S01                  Monitor Conflicts & Critical Trans.
  /VIRSA/ZVRAT_S021                  Monitor Conflicts & Critical Trans.
  /VIRSA/ZVRAT_S03                  Download Objects for Tcodes        
  /VIRSA/ZVRAT_S04                  SOD Conflicts for TCodes and Objects
  /VIRSA/ZVRAT_S05                  SOD Rule Wizard                    
  /VIRSA/ZVRAT_S06                  SOD Rule Validation Tool           
  /VIRSA/ZVRAT_S07                  Non Reference Report               
  /VIRSA/ZVRAT_S08                  User Access Report                 
  /VIRSA/ZVRAT_S09                  Comparing diffrent SOD Matrices    
  /VIRSA/ZVRAT_S10                  Tcodes by Roles/Profiles, never exec
  /VIRSA/ZVRAT_S11                  Authorization object by Roles/Profs
  /VIRSA/ZVRAT_S12                  Transactions executed by Users     
  /VIRSA/ZVRAT_S13                  Comparing Critical Tcode Matrices  
  /VIRSA/ZVRAT_S14                  Comparing SOD Authorization Matrices
  /VIRSA/ZVRAT_S15                  Compare Sod Tcode & Authorization  
  /VIRSA/ZVRAT_S16                  Comp.Calibrator Data Maintenance   
  /VIRSA/ZVRAT_U01                  Count authorizations for Users     
  /VIRSA/ZVRAT_U02                  Analysis of called trans in Cus.code
  /VIRSA/ZVRAT_U03                  Management Report                  
  /VIRSA/ZVRAT_U05                  Expired and Expiring Roles for Users
  /VIRSA/ZVRMT_U01                  Check Role Status                  
  /VIRSA/ZVRMT_U02                  Check Tcodes in Menu & Authorization
  /VIRSA/ZVRMT_U03                  Compare Users Roles                
  /VIRSA/ZVRMT_U04                  List roles assigned to a user      
  /VIRSA/ZVRMT_U05                  Where used list for roles          
  /VIRSA/ZVRMT_U06                  List roles and transactions        
  /VIRSA/ZVRMT_U07                  Create/Modify Derived Roles        
  /VIRSA/ZVRMT_U08                  Analysis of Owners Roles and Users

  Hi Greg,
     Most of the TCodes work but they are not being used. Which products do you currently have? Most of these tcodes are obsolete as they were part of old Virsa products. Here is the explanation:
  -> At the start, Virsa had five different products namely Compliance Calibrator (CC), Fire Fighter (FF), Role Expert (RE), Risk Terminator (RT) and Access Enforcer (AE). Except AE, all other products were developed into SAP R/3 using ABAP so the transaction you see are coming from those four products. As of now, CC and RE has been moved to Java (same as AE) but RT and FF still reside in ABAP side.
  -> You should be able to configure Tcodes related to FF and RT. You do not need to configure Tcodes for CC and RE.
  -> You must be wondering how did you get all these Tcodes? Through the RTA (Real Time Agent) you have installed for GRC AC 5.2 in your SAP backend system. Even though, AC 5.2 does not need full blown products in the back-end, RTA still contains all of those products.
  -> To start using these products, you will have activate BC sets. I do not recommend you to use CC and RE, if you are already using those products via Web front-end. FF and RT has some pretty good features.
  -> Please follow AC 5.2 configuration guide to configure FF and RT.
  If you don't want to use any of these, don't bother. These tcodes don't affect anything in your system.
  Regards,
  Alpesh

• Maintain Authorization for Master Data

  Hi Experts,
  We are implementing  PM Module to our client now i want to know.Is there is any relation of PM Team to Maintain Authorization for Master DataPFCG Transaction Code.I want to know for creating the Role for PM Users how the PM team provide the support.
  Regards,
  Kavvya

  Yes, we play a greater role in getting the roles defined. We practically don't do it, the basis team gets it done. But, all the list of tcodes per role, authorization objects are to be listed by us. Check with your seniors, you should see the authorization matrix made during the implementation.
  This sheet lists all the roles to be assigned along with tcodes, authorization objects and list of the users, who will be assigned these roles. Maintenance engineer and Maintenance manager will obviously be two different roles. It again depends on the size and the way the company works and wants authorization.
  Regards,
  Ketul

• Authorization check during logon

  hi,
  please help me to find out the answer.. which authorization object is checked first when a user log in to a sap system?

  Hi Adri,
  While logging no authorization are checked against your ID,but your Authorization are copied in user buffer.
  When you execute tcode authorization are check from this buffer.
  If you don't assign any authorization i.e role to user, user is able to login but cannot execute any tcode.
  This justified it.
  Try it out.
  Hope this helps

• Authorization needed for executing f.05-urgent

  Dear expert,
  What tcode/authorization must be had for person to executed f.05?
  Please advice.
  Thank you

  hi Putri,
  the solution I suggested has to work for each kind of auth issue. Pls. give it a try. Start the transaction, do the posting and wherever you get the message that an auth. check failed, just try /nsu53. It will tell you what is missing (either transaction or org. element or whatever). if nothing is missing, than the issue is not related to auth. So simple.
  You are right: F-05 starts FB01, so if a user wants to start F-05 he needs auth for FBB1 as well, but if he has not, the transaction will stop immediately with error message about the missing auth.
  ec

• User authorization table

  Hi experts,
  i need to know which table is stored tcode and user name or is there a function that whether user have autorazation to run tcode. i have a tcode list program and if user double click tcode field, tcode runs. But it doesn't check tcode authorization.
  how can i do it.
  Thanks.

  Hi,
  You can use function module 'AUTHORITY_CHECK_TCODE'  to check if the user has access to the transaction.
  Sujay

• Release strategy for sales docs.

  dear all,
  we have a process in sales ,that we create scheduling agreement or sales order .It will have to be released by 4 different people with  different levels .Once released documents should not be modified by anyone except amendment procedure.
  Pls suggest as to how to achieve this ...
  thanks
  shankar

  This release procedure is not available in SAP for sales .
  you can create Z*tcodes for this, for 4 diff ppl or levels
  maintain the delivery block in sales order ( which will trigger directly from sales doc type)
  in create sales order - made this "display mode"- by using transaction variant.
  Now create
  Z*
  Tcode- ZLVL-1 - 
  a-Waiting for approval
  b-approved level-1   - in this level, he can access only these 2 fields either a or b.
  Tcode: ZLVL-2
  c-approved level-2
  similarly next 2 levels.
  d- approved level-3
  e-approved level-4
  Give tcode authorization only for respective levels-
  eg:level 1- ZLVL-1 n so on,
  Now in sales order , userexit, write a logic
  if the "delivery block " - approved Level-4 (E),
  then , allow to save the sales order
  or else trigger error mssg as " Not yet approved, cant save the document"-
  hope it helps, without development i dont think its possible.

• How to remove SPRO from SAP_ALL profile

  Hi Friends,
  Since my client needs access to SAP but we dont want to give them SPRO Tcode authorization.
  So i would like to have your advice on that so as wht to be done and how can we create a profile without SPRO Tcode.
  Regards
  Ayush

  Ayush Johri wrote:
  > I think its not that difficult, although i dont know this. but i have heard people saying that they have made SAP_ALL profile without SPRO...
  It is easy to copy SAP_ALL and create a role without SPRO
  This will not stop people from accessing the functions behind SPRO for the reasons posted before.
  Lots of people claim they create a SAP_ALL without SPRO, I will bet £1000 (I know it's worth many euro's at the moment) that 90%+ of those roles which people think have SPRO removed will not stop people accessing config.
  Ask yourself this question....
  If you build a house do you:
  1. Buy a giant piece of rock and cut holes in it
  2. Build it from components - bricks, windows, doors etc