No authorization for Write trip 0000000000

Hello,
I am testing the HR Expense authorization. While creating expense I am getting authorization error
"No authorization for Write trip 0000000000". I have trace the error log and applied the configuration in profile as suggestion, however it is still failing. I am using SAP ERP 6.0 (702).
Kindly let me know your thougt on above situation and to overcome from it.
Thank you,
Kailash

I would interpret the trip number to mean that it does not exist and the error message is misleading.
Very often authorizations are "blamed" for configuration and data dependent testing errors.
Adding more authorizations usually does not solve the problem. Unfortunately it sometimes does, but creates a mess...
Cheers,
Julius

Similar Messages

"No write authorization for personal portfolio of user" from BW

Hi, we are working on connection from BW 3.5 InfoBroadcaster into EP 6.
When I try to publish BW webtemplate to EP to my personal portfolio I got follwoing messages:
"<i>Settings were started from the BEx Broadcaster
Processing for user AC3339, language EN
   Processing setting
    No write authorization for personal portfolio of user AC3339
    File 'ZM_P2P_SCORECARD_ORG_HIER_STAT' Was Successfully Created in the Portal</i>"
Unfortunatelly, after this I cannot find this report in EP. Can anyone help us with this error?
Thank you
Vitaliy

Did you setup authorizations as described:
On BW side: You need special authorizations to be able to use information broadcasting. System administrators need authorization object S_RS_ADMWB with the field RSADMWBOBJ = BR_SETTING. Users that precalculate business intelligence content and would like to schedule things require the authorization object S_RS_BCS. To be able to schedule broadcaster jobs in background the authorization to run batch jobs should be granted on BW side. The authorization object is S_BTCH_JOB "Background Processing: Operations on Background Jobs"
From my own experience:
On portal side: The users, to which personal folders it is necessary to publish, should exist both in EP and BW (have the same name), be active and have Business Explorer role assigned in EP (i.e. "Personal BEx documents" folder in KM should exist for them)

What happends when you give 2 groups with some of the same members different authorizations for a document

Hello,
I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
Make one document library
Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
follows:
Group B: Read/Write
Group A: Read
Does the people from group B still be able to edit the document, because they are also in group A?
I don't have a test environment to test this myself.
Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
where the document belongs to.

You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
if you need too.
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com

What's the best way to do authorization for my app?

The authorization situation is somewhat complicated for my app.
Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM.
From what I've seen so far, there are two different options of setting the authorization for the component:
1. Set its Condition
2. Set its Security Authorization Scheme
Here is my understanding for each (from my limited experience with APEX):
1. Set its Condition
+ Can pass in parameters such as :APP_USER, page numebr, P0_ITEM. So I can just create one function that does all the authorization
- Have to combine the SQL query with the component's non-authorization display conditions, if any.
2. Set its Security Authorization Scheme
+ By name, it seems like it should be used for authorization
- Cannot take in parameters relating to the page, such as the page number --> therefore I will need to create many different schemes, for all the different pages.
#2 will end up with a long list of schemes (each with its own SQL queries) for different pages, which doesn't seem as efficient as #1 with far fewer SQL queries and just take in parameters.
Which one should I pick?
Thanks!

953006 wrote:
Thanks fac586 for the detailed response, and also everyone else who replied. You guys are very helpful and respond promptly. And we'd appreciate it if you changed "953006" into a real handle promptly.
Andre mentioned using conditions:
The way I work around this is to have two functions, one which is used at the page level as a normal authorization scheme and one which can be passed variables which is called as a Condition and the name of the item is one of the variables, in effect giving it "self awareness".But fac586 said:
You can't pass "parameters" to authorization schemes. Use application items, APEX collections or application contexts to set current context before the authorization scheme is evaluated, and access these values in the functions.Does this mean, fac586, that we can avoid conditions altogether? No, it means that I prefer to use Authorization Schemes to control access to resources based on user privileges and security, and Conditions to control rendering and processing for functional reasons. Using the approach described above I have found it possible to maintain this separation.
Say if a page has two buttons, Button_A and Button_B. Button_A has a set of requirements for displaying and Button_B has its own set of requirements (some of which are shared with Button_A). So far, the only way that I can see of using pure authorization is to write 2 different authorization schemes, and set the authorization schemes for the two buttons respectively.What's the problem with that? Consider a more concrete example using a standard APEX report/form pattern for customer maintenance. Page 6 contains the report, and page 7 is the maintenance form with P7_CREATE and P7_SAVE buttons. Only users entitled to create new customers should have access to P7_CREATE, and only users able to edit customers access to P7_SAVE. This would be controlled by the CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes respectively. Functionally, conditions are used to show P7_CREATE if the P7_CUSTOMER_ID is null, and P7_SAVE if it's not null. We don't mix non-functional security considerations with functional requirements.
The CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes are of type PL/SQL Function Returning Boolean. These are implemented using package functions. Exactly how a user has create/edit customer privilege is determined in the package. Determinants that are shared by multiple schemes can be combined at this level. These implementations can be changed as necessary without requiring changes to the application.
The authorization schemes are reusable across pages and components. On page 6, CREATE_CUSTOMER can be used on the "Create New Customer..." button; EDIT_CUSTOMER on the report column containing the "Edit" links.
Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM. So I guess this goes back to my original concern with Authorizations:
[Using purely authorizations] will end up with a long list of schemes (each with its own SQL queries) for different pages [and page items] ....
Re: VPD policies. Note that in the example above there's no need for the authorization schemes to "know" which pages/items are being evaluated. The P7_SAVE button and the page 6 link column are involved with the EDIT_CUSTOMER operation, so that authorization scheme is applied to them.

New MackBook Pro and now I got an iPad 2. I had an iTunes acc opened on another Mac that had not used it in a long time. Now I need to get APPS but not permitted on this Mac (authorization to write on iTunes Media ?)

Need assitance to obtain permission to download APPS for my iPad through my MacBook Pro that for some reason iTunes is not allowing to do, I get message like "this computer doesn't have authorization to write on ITunes Media.
I have had the iTunes account for a long time but hardly used, never on this computer (new).

If you have been using the mac.com Apple ID to make iTunes purchases recently, then there should be no issues continuing to use it with the new iPhone. I would abandon the new ID as you will never get Apple to merge the two IDs. I have had a mac.com ID for years and continue to use it with my iPhone 4S.
Tell us the issues that you encounter trying to set up the iPhone with the mac.com account.

Authorization for Create Only - No change

Hi,
I need to give certain users authorization to Create an Infotype. Change will not be given to these users.
In Authorization Level, I think we can only specify R (other variations of R like M etc.) or W.
Please let me know on how this can be achieved.
PS: I have looked into using BAPI HRPAD00AUTH_CHECK, but I am not sure on how to implement this for just one infotype.
Thanks for all your help in advance.
Regards,
Ani

Thanks Pavani and Anil for your answers.
Pavani, the basis folks have told that they can give either R/M which are for read authorization or W which is for write. They cannot restrict to just change.
Anil, what is the authorization level? Does specifying that to 'T', allow for Creating an infotype and "Disallow changes".
Our Authorizations are mostly,
Authorization level - R, M
InfoTtype - 0001,0007
PersonnelArea - *
Employee Group - *

"no authorization to write in Itunes Media folder"

when I want to import a cd in Itunes, I got the message "no authorization to write in the Itunes Media folder". How can I fix this?

With those settings all music that you add will go into the specified media folder structure. If you want to make sure that all your music (specifically, that added prior to changing the iTunes Media folder location and/or the other two options) is there you need to perform an extra step - just changing the iTunes Media folder location doesn't move anything that was previously added to iTunes and stored in a different location. To make that change, select File > Library > Organize Library... and when you see this prompt:
click the Consolidate files check box and - if its not greyed out - the Reorganize files ... check box. Then click OK - this will move any media files that are linked from your iTunes library to other locations to the standard folder structure under the iTunes Media folder,
For more info, see Turingtest2's documents on:
Make a split library portable - details on how to bring your library into a "well formed" layout for ease of organization as well as creating/maintaining a backup
Getting iTunes & Windows Media Player to play nicely describes how to avoid issues resulting from iTunes and WMP conflicting over file and folder locations.
(Edit - for media that you've purchased via your phone, you'll need to make sure that all iTunes Store purchases are downloaded onto your PC - see Re-download or transfer your iTunes Store purchases from an iPhone, iPad or iPod to a computer - Apple Support)

FTP_CONNECT: User ------- has no access authorization for computer -------.

Hi, could anyone please help me resolve the following issue:
When i run the code below, it comes back saying "could not connect to "host". When tried to run in debug or test the FM "ftp_connect" it says "user ..... has no access authorization for computer .....
REPORT ZALB_FTP_TEST.
types: begin of t_ftp_data,
         line(132) type c,
       end of t_ftp_data.
data: lv_ftp_user(64)                value 'branch'.     "change this
data: lv_ftp_pwd(64)                 value 'careful'. "change this
data: lv_ftp_host(50)                value '10.50.1.199'.     "change this
data: lv_rfc_dest like rscat-rfcdest value 'SAPFTP'.
data: lv_hdl    type i.
data: lv_key    type i               value 26101957.
data: lv_dstlen type i.
data: lt_ftp_data type table of t_ftp_data.
field-symbols: <ls_ftp_data> like line of lt_ftp_data.
*describe field lv_ftp_pwd length lv_dstlen.
lv_dstlen = strlen( lv_ftp_pwd ).
call 'AB_RFC_X_SCRAMBLE_STRING'
id 'SOURCE'      field lv_ftp_pwd
id 'KEY'         field lv_key
id 'SCR'         field 'X'
id 'DESTINATION' field lv_ftp_pwd
id 'DSTLEN'      field lv_dstlen.
call function 'FTP_CONNECT'
exporting
    user            = lv_ftp_user
    password        = lv_ftp_pwd
    host            = lv_ftp_host
    rfc_destination = lv_rfc_dest
importing
    handle          = lv_hdl
exceptions
    not_connected   = 1
    others          = 2.
if sy-subrc ne 0.
write:/ 'could not connect to', lv_ftp_host.
else.
write:/ 'connected successfully. session handle is', lv_hdl.
call function 'FTP_CONNECT'
    exporting
      handle        = lv_hdl
      command       = 'dir'
    tables
      data          = lt_ftp_data
    exceptions
      tcpip_error   = 1
      command_error = 2
      data_error    = 3
      others        = 4.
if sy-subrc ne 0.
    write:/ 'could not execute ftp command'.
else.
    loop at lt_ftp_data assigning <ls_ftp_data>.
      write: / <ls_ftp_data>.
    endloop.
    call function 'FTP_DISCONNECT'
      exporting
        handle = lv_hdl
      exceptions
        others = 1.
    if sy-subrc ne 0.
      write:/ 'could not disconnect from ftp server'.
    else.
      write:/ 'disconnected from ftp server'.
    endif.
endif.
endif.
Thanks in advance for the help.

It doesn't work for me if I just maintain * entry.
But it works after I maintained specific IP address into the table,
ref notes:2072995 - User has no access authorization for computer
Cause
The message comes after the implementation of note '1605054 - Restriction in access to FTP Servers & usage of test reports' or upgrading to a
support package that contains this note. This note was created to prevent malicious users from accessing remote FTP servers.
Resolution
1. Please ensure that all manual steps from note 1605054 are implemented in your system along with the code corrections
2. Then please enter the allowed FTP servers into the table SAPFTP_SERVERS or enter ‘*’ to allow all FTP servers.

No authorization for printer "LP01"

Hi All,
i wish to archive the data in BW.
for that i had created archive object also.
now when i schedule the write job it is giving me the error as following
No authorization for printer "LP01".
i had checked the user authorizations and i had assigned SAP_ALL & SAP_NEW authoriztaion profiles as well.
even i changed out put device to bt by creating new out put device using spad tcode.
what could be the problem?
Ravi

hello Ravi,
>Go to PFCG. Create a test role named test. Then go to Authorizations tab. Choose expert mode for profile generation.
A pop up would come up asking you to choose a template. Close it. Do CTRLSHIFTF9 or in the application tool bar choose the option manually.
In the resulting pop up give s_spo_dev as input and press enter.
Now expand the yellow node and give the value as LP01.
Generate the role profile and come out of the role. Assign this role to your user id and then after log out and relogin try agai n.
Hope it helps.
Please award points for useful info.
Regards.
Ruchit.

ECC6: Authorizations for GOS

In ECC6, I should give two different levels authorization into generic object services Toolbox.
I have two type of users:
1. Administrator
2. Accountant
The Administrator should be able to create, edit, display and delete notes.
The Accountant should be able just to create and display notes.
Administrator users were given the S_OC_ROLE athorization object .
Accountant users were given the S_GOS_ATT authorization object, though this doesnu2019t work since the accountant users are still able to edit and delete notes.
My question is: how can I remove the edit and delete authorizations for accountant users?
Thanks,
Kind Regards

A concrete scenario I have to deal with:
The scope for all business partners and transactions should be limited to central Europe.
The relevant field for this authorization is the id (number range) respectively the business partner grouping.
- I would use ACE rules to filter the relevant business partners by their ID or grouping and relevant transactions by their account-assignment
- I would set up ACE rights to limit access for the actions read, write and delete
- to handle the create authorization, I have to define a PFCG role and limit access to certain CRM components
The user should be allowed to read Corporate Accounts,
to read, edit, create Contacts,
is not allowed to deal with Opportunities,
is allowed to create, read all activities and to read, edit, delete own activities (if he is the creator),
is not allowed to deal with any report or pipeline performance.
- ACE role/right to read Corporate Accounts
- PFCG role to restrict create access for the BP_HEAD component
- (ACE role/right to limit search results for opportunities)
- PFCG role to restrict create, search, overview access for the BT111M component
- Business role without Work Centers or Logical Links to opportunities
- ACE role to limit access to read activities
- ACE role to limit access to read, edit, delete activities which the user has created
- PFCG role to restrict access to all pipeline performance components
- remove PFCG roles for report access (e.g. SAP_CRM_OR_USER)

While accessing Integration Directory (No authorization for this action)

Hi,
I am getting below error, while accessing Integration Directory it is showing (No authorization for this action
I had provided necessary authorization to XI* users & j2ee_guest, j2ee_admin.
below error is in application.log
#1.5#0019BB24F5460065000000130000145000045BA13A34D68B#1226647931285#/Applications/ExchangeInfrastructure/Directory#sap.com/com.sap.xi.directory#com.sap.aii.ib.web.clidist.DownloadServlet#J2EE_GUEST#0####59978c50b21e11dd9a8b0019bb24f546#SAPEngine_Application_Thread[impl:3]_18##0#0#Error#1#com.sap.aii.ib.web.clidist.DownloadServlet#Plain###Cannot locate jnlp resource
Thrown:
com.sap.engine.services.httpserver.exceptions.HttpIOException: Write timeout. HTTP client read timeout or callback from dispatcher not received for [10000] milliseconds.
     at com.sap.engine.services.httpserver.server.ResponseImpl.sendResponse(ResponseImpl.java:281)
     at com.sap.engine.services.servlets_jsp.server.runtime.client.ServletOutputStreamImpl.flush(ServletOutputStreamImpl.java:411)
     at com.sap.engine.services.servlets_jsp.server.runtime.client.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:236)
     at com.sap.engine.lib.io.GZIPMultiOutputStream$StreamTool.deflate(GZIPMultiOutputStream.java:123)
     at com.sap.engine.lib.io.GZIPMultiOutputStream.write(GZIPMultiOutputStream.java:339)
     at com.sap.engine.services.servlets_jsp.server.runtime.client.GzipResponseStream.write(GzipResponseStream.java:230)
     at com.sap.aii.ib.web.clidist.DownloadResponse$FileDownloadResponse.sendResponse(DownloadResponse.java:114)
     at com.sap.aii.ib.web.clidist.DownloadServlet.handleRequest(DownloadServlet.java:104)
     at com.sap.aii.ib.web.clidist.DownloadServlet.doGet(DownloadServlet.java:34)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Regards,
hari

Hi,
Thanks for your quick update,
I had provided for all necessary aauthorizations in SU01. still i am facing problem.
here i am attaching default.0.trc contains error.
Pls guide me,
#1.5#0019BB24F546006E0000000F0000145000045BA198970570#1226649514800#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#XIAFUSER#228##tdcusappay_PXI_4766550#XIAFUSER#096e7910b22211dd812c0019bb24f546#SAPEngine_Application_Thread[impl:3]_10##0#0#Error#1#/System/Server#Plain###User XIAFUSER, IP address
HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available].#
#1.5#0019BB24F546005F000000500000145000045BA19A61CE61#1226649544878#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#XIAFUSER#229##tdcusappay_PXI_4766550#XIAFUSER#1b5c02f0b22211dd82890019bb24f546#SAPEngine_Application_Thread[impl:3]_37##0#0#Error#1#/System/Server#Plain###User XIAFUSER, IP address
HTTP request processing failed. HTTP error [403] will be returned. The error is [You are not authorized to view the requested resource.No details available].#
Thanks & Regards,
hari

Authorizations for Adobe Interactive forms

Hi,
During Adobe configuration I encounter serious trouble in determining the needed authorizations. We implement basic Adobe forms initiated by managers.
Can anyone please instruct which SAP ECC roles are needed for executing Adobe Interactive forms?
Situation
We assigned the Adobe roles:
SAP_BC_CM_USER
SAP_ASR_MANAGER
The manager has also assigned authorizations to view PA objects for subordintes.
With extended authorizations I can start new process. However, when the process is started with same user but with the authorization mentioned above I receive the following error:
"No Adobe Form Is Assigned to the Scenario"
com.sap.pcuigp.xssfpm.java.FPMRuntimeException: No Adobe Form Is Assigned to the Scenario
     at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:111)
     at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.raiseExceptions(FcISRProcessEvent.java:1980)
     at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrGetFormUrl(FcISRProcessEvent.java:1042)
     at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.setTemplateSource(FcISRProcessEvent.java:459)
     at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrProcessEvent(FcISRProcessEvent.java:798)
     at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callIsrProcessEvent(FcISRProcessEvent.java:380)
     at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEvent.callIsrProcessEvent(InternalFcISRProcessEvent.java:1234)
     at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEventInterface.callIsrProcessEvent(FcISRProcessEventInterface.java:127)
     at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:409)
     at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface$External.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:577)
     at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowForm.onBeforeOutput(VcISRShowForm.java:215)
     at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowForm.onBeforeOutput(InternalVcISRShowForm.java:435)
     at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowFormInterface.onBeforeOutput(VcISRShowFormInterface.java:137)
     at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface.onBeforeOutput(InternalVcISRShowFormInterface.java:136)
     at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface$External.onBeforeOutput(InternalVcISRShowFormInterface.java:212)
     at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
Help is greatly appreciated and will be rewarded when useful!
Regards,
Thomas

Hi Tom,
When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
If you can't find the object reply again and i will send a screenshot.
Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
Good luck,
Thomas

Verify Authorization for a differnt UserID

Hi all,
     Hope you are all doing great. I need some help from the experts.
My question is that I am storing UserID in a Table Field as input from end users. I have to make sure that the entered Userid (not the current end user) has a authorization for a given auth Object field/value combination. I did a search for Function Modules that begin with Authority_Check but didn't see any obvious ones.
I think this should be possible, i.e. "AUTHORITY-CHECK OBJECT 'xx' " with also supplying the UserID.
Please let me know if you know how to do so.
Thanks.

Thanks Bharat. I looked at the help earlier. It shows regular check for current logged in user. note some random user.
Hema, not sure what u r referring to.
I tried the Function Code Behind the Authority-check but it gives me Another Auth Error. Still tryng to find out what is the Auth error running the code bewow.
REPORT ZAUTHCHECK.
*& Report ZAUTHCHECK
WRITE: / 'begin of test'.
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
NEW_BUFFERING             = 3
   USER                      = 'SAPID'
    OBJECT                    = 'B_USERSTAT'
    FIELD1                    = 'BERSL'
    VALUE1                    = 'PS_APPD'
FIELD2                    = ' '
VALUE2                    = ' '
FIELD3                    = ' '
VALUE3                    = ' '
FIELD4                    = ' '
VALUE4                    = ' '
FIELD5                    = ' '
VALUE5                    = ' '
FIELD6                    = ' '
VALUE6                    = ' '
FIELD7                    = ' '
VALUE7                    = ' '
FIELD8                    = ' '
VALUE8                    = ' '
FIELD9                    = ' '
VALUE9                    = ' '
FIELD10                   = ' '
VALUE10                   = ' '
EXCEPTIONS
USER_DONT_EXIST           = 1
USER_IS_AUTHORIZED        = 2
USER_NOT_AUTHORIZED       = 3
USER_IS_LOCKED            = 4
OTHERS                    = 5
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
        WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
WRITE: / 'End of Check.'.

Archive file cannot be opened for write program

Hi All,
I am getting the error message "annot be opened for write program" in log view, when I am trying to write data into archive file using "write' function.
Please provide us the solution for this problem.

Hello,
It must be due to missing authorization for the write operation.
Please inform the security consultant along with SU53 details.
Regards
Vijay Gajavalli

Authorization for Infotypes and Actions

Hi Experts,
In my project i have a requirement to give authorization to individual infotype level and also give authorization for each and every PA40 actions .
Please give me a solution if any.
thanks..
Avik

Hello:
For authorization to individual infotype, use object P_ORGIN, authorization field INFTY. In here you can specify individual infotypes, and also authorization level on field AUTHC:
R - Read access
W - Write access
M - Matchcode access
E, D - Enqueue, dequeue access (Asymmetrical double verification principle)
S - Symmetrical (Symm. double verification principle)
For authorization for each and every action, use:
INFTY: 0000 (Actions infotype)
SUBTY: ## (Specific actions)
This is done with basis team cooperation in transaction PFCG.
Hope this helps
Regards.

No authorization for Write trip 0000000000

Similar Messages

Maybe you are looking for