Trace of Authorization checks on recursive called functions

Hi all,
I need to search all authority checks that one standard report make on recursive calls to reports/functions. Does somebody knows how I can do it?
Thanks a lot.

Hello,
Start transaction st01 and enable the trace for "authority check".
Start your programm and when it is done disable the trace.
Then choose analysis and all the checks will be displayed.
Hope this help,
Walter
Please reward all participants

Similar Messages

  • Approximate operator and recursive call function in abap

    Dear expert,
    Please give me an example about Approximate operator and recursive call function in abap
    thanks so much

    Hi
    About Approximate operator, you can go to tcode 'ABAPDOCU', searching CO,CN,CA etc...each of them have example there.
    And recursive function,
    Say here is a FM,
    FUNCTION recursive_get_number.
    *import im_num type i.
    *export ex_num type i.
    ex_num = im_num + 1.
    IF ex_num GE 100.
       EXIT.
    ELSE.
       CALL FUNCTION recursive_get_number
            EXPORTING
               im_num = ex_num
            IMPORTING
               ex_num = ex_num.
    ENDIF.
    ENDFUNCTION.
    When you call this function from outside with importing parameter '1',  then will return you 100.
    regards,
    Archer.

  • Deactivate authorization checks in BSP or function modules?

    Hi all
    I have a BSP application that seems to use a standard function module that performs an unwanted authorization check on object M_MATE_VKO (Material check on sales organization)
    I know it is possible to globally deactivate authorization checks in certain SAP transactions (SU24)
    Does anyone know if there is a similar functionality for BSP applications or function modules? Any suggestions on how to deactivate such authorization checks in BSP applications?
    Regards
    Mike

    > I will also check with my developer if this function module has any return codes etc that can be useful for a custom authorization check. However, I thought these checks were all done within the function module and that it will only return a true/false authorization, sort of... and I am not sure it's a good idea to override all standard authorization checks in this function module
    Sometimes you can handle the messages, but your developer will be able to help you decide whether that is a good idea or not.
    Globally deactivating the object for the whole system is most likely not a good idea, as you seem not to want to grant it because you need it somewhere else...
    Deactivating all checks for the function module is probably not wise either, as I would think that it applies to the whole function group. Developers can do such things sometimes, but often it results in all end users being able to do the same.
    I know that proposal indicators can be set for function modules, but have not tried check indicators. Again, I suspect that it would apply to the whole function group.
    I would think that a carefull choice of function module and consulting with your functional guru about config which will not interfer with other requirements is the best route to take.
    I like threads like this. If I bump into a specific solution I will remember it. Try using the search here at SDN on the names of some of the FM's which you are considering - someone might already have solved it...
    Cheers,
    Julius

  • Authorization check in BDC call transaction

    Hello gurus,
    My requirement is MB1B t-code is not authorized for basis users but only for end user, but when I create a Z-program with a BDC call transaction MB1B it is allowing access.
    How is this possible? My boss will ask me this question and I don't know the answer.
    Regards,
    Krishna
    Edited by: Julius Bussche on Dec 2, 2008 10:54 AM
    Several errors corrected...
    Edited by: Julius Bussche on Dec 2, 2008 2:44 PM

    Hi Krishna Moorthy
    To the best of my knowledge you need check the authorization in your program
    use AUTHORITY CHECK
    for further info take the help of KEY word documentaion
    Regards
    Ramchander Rao.K
    Edited by: ramchander krishnamraju on Dec 2, 2008 10:20 AM

  • LDB PNP authorization check authorization object

    Hi,
    I have used LDB PNP for HR reports.
    We are using the authority check also, but the problem is all the records/data for all the people is being read by the report where some of the people data should not have been read as they belong to some other personal area that the role of the executer (user).
    Hence it appears that authorization check is not working properly.
    Following is how I am using it, Please suggest corrections or alternate way to correct this issue.
        rp-provide-from-last p0002 space gwa_outlist-begda 
                                                        gwa_outlist-begda.
        IF pnp-sw-found NE '1' OR
            pnp-sw-auth-skipped-record EQ '1'.
            EXIT.
        ELSE.
            ls_tab-vorna = p0002-vorna.
            ls_tab-nachn = p0002-nachn.
        ENDIF.
    Please reply with the corrections ore alterations,
    Thanks in advance.
    Akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

  • LDB PNP authorization check at record level - rp_provide_from_last

    hi,
    i am using LDB PNP,
    I am using macro 'rp-provide-from-last' .
    I neeed to place a authorization check so that the user of the program should only be allowed to view records of the people which comes under the same personnel area as of the user of the program.
    Can you please guide me on how to implement this?
    thanks in advance,
    akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

  • FRF-00025  Unable to call function. Error message: Syntax error in program

    hi,
    when we try to import the export file,we are getting the following error in the 24th phase
    i.e., check DDIC Password.
    The Error is
    INFO       2007-10-29 15:53:20 [iaxxrfcimp.cpp:1017]
               CAbRfcImpl::callLibraryFunction
    Generating interface for remote function.
    TRACE      [iaxxrfcimp.cpp:1056]
               CAbRfcImpl::performFunctionCall
    Calling function module: INST_RFC_GET_INTERFACE
    WARNING[E] 2007-10-29 15:53:21 [iaxxrfcimp.cpp:1089]
               CAbRfcImpl::performFunctionCall
    FRF-00025  Unable to call function. Error message: Syntax error in program SAPLSUNI                                . .
    TRACE      [iaxxrfcimp.cpp:1090]
               CAbRfcImpl::performFunctionCall
    RFC failure or system exception raised
    TRACE      [iaxxrfcimp.cpp:1091]
               CAbRfcImpl::performFunctionCall
    Syntax error in program SAPLSUNI                                .
    TRACE      [iaxxbjsmod.cpp:657]
               CJSlibModule::showOkCancelBox_impl()
    <html>Test logon to SAP System I50 failed.<p>Make sure that the system is started, that the user DDIC exists and that the password of user DDIC is correct.</html>
    TRACE      [iaxxgenimp.cpp:1093]
               showDialog()
    waiting for an answer from gui
    What Could be the solution for this.
    waiting for ur reply
    SS

    Hi Friend,
    Please check whether or not there is view missing error recorded in dev_w0 trace file.
    if there is , you can try to follow this procedure in order to manually
    import the missing view definitions.
    All steps must be carried out with the <sid>adm user of the target
    system and from the install-directory:
    1. In the install-directory
    <sapinst_instdir>\...COPY\IMPORTT\SYSTEM\ABAP\ORA\UC\DB
    create a file SAPVIEW.cmd with the following content:
    tsk: "<sapinst_instdir>\...\COPY\IMPORT\SYSTEM\ABAP\ORA\UC\DB\SAPVIEW.TSK"
    icf: "
    <YOUR_EXPORT_DIRECTORY>\export\DATA\SAPVIEW.STR"
    dcf: "<sapinst_instdir>\...\COPY\IMPORT\SYSTEM\ABAP\ORA\UC\DB\DDLORA.TPL"
    dat: null
    dir: null
    ext: null
    Please make sure that all paths are written correctly (in one line) and
    the refered files are existant and readable. One exception:
    The SAPVIEW.TSK file is created with step 2.:
    2. Run from the command-line:
    R3load -ctf I
    <YOUR_EXPORT_DIRECTORY>\export\DATA\SAPVIEW.STR <sapinst_instdir>\...\COPY\IMPORT\SYSTEM\ABAP\ORA\UC\DB\DDLORA.TPL SAPVIEW.TSK ORA -l SAPVIEW.log
    If there's a problem reading the 'SAPVIEW.STR' file, copy the
    file to the install directory and adapt the path accordingly.
    3. Run the view import by:
    R3load.exe -i SAPVIEW.cmd -dbcodepage <YOUR_CODE_PAGE> -l SAPVIEW.log
    -stop_on_error
    4. Check both the SAPVIEW.log and the SAPVIEW.TSK file whether all views
    have been created successfully.
    If 4. is okay, restart the central instance and check whether you are
    able to log on now. If yes, continue 'sapinst' by the option 'retry' or
    'continue old installation'.
    I Hope It can be helpful.
    With Best Regards
    Julia

  • Call function background is not working

    Hi All,
    I created an RFC function module with one import parameter and 2 tables.
    I am calling this function module in baground
    CALL FUNCTION "ABC" IN BACKGROUND TASK
       Exporting
        var = var
    tables
      tab1 = tab1
      tab2 = tab2
    i am passing var and tab1 and updating tab2 in FM
    tab2 is not updating if i call in BACKGROUND
    It is working fine in onlie mode.
    Can anyone please through some light on this
    Thanks,
    Naveen

    Hi Rob,
    Thanks for the reply. Here is the code     
    Here i am passking lv_flname, lt_binary_file and updating lt_objbin
    in the function module i am going to update lt_objbin.
    The reason i am doing this becuase if i use open dataset it failing authorization.
    Thats why i want execute these statements in background. These report will be executed by many users, so they can not give authorization for everyone.
    CALL FUNCTION 'ZFI_VIM_OPEN_DATASET' IN BACKGROUND TASK
            EXPORTING
              lt_flname      = lv_flname
            TABLES
              ls_binary_file = lt_binary_file
              ls_objbin      = lt_objbin
            EXCEPTIONS
              error_dataset  = 1
              OTHERS         = 2.
    Here is the function module code
    FUNCTION zfi_vim_open_dataset.
    *"*"Local Interface:
    *"  IMPORTING
    *"     VALUE(LT_FLNAME) TYPE  CHAR80
    *"  TABLES
    *"      LS_BINARY_FILE STRUCTURE  TBL1024
    *"      LS_OBJBIN STRUCTURE  SOLISTI1
    *"  EXCEPTIONS
    *"      ERROR_DATASET
      OPEN DATASET lt_flname FOR OUTPUT IN BINARY MODE.
      IF sy-subrc = 0.
        LOOP AT ls_binary_file.
          TRANSFER ls_binary_file TO lt_flname.
        ENDLOOP.
        CLOSE DATASET lt_flname.
      ENDIF.
      CLEAR: ls_objbin. REFRESH: ls_objbin.
      OPEN DATASET lt_flname FOR INPUT IN BINARY MODE.
      DO.
        READ DATASET lt_flname INTO ls_objbin.
        IF sy-subrc <> 0.
          CLOSE DATASET lt_flname.
          EXIT.
        ELSE.
          APPEND ls_objbin.
        ENDIF.
      ENDDO.
      DELETE DATASET lt_flname.
    ENDFUNCTION.
    Moderator message - Please use code tags to format your code
    Edited by: Rob Burbank on Apr 1, 2010 3:42 PM

  • Recursive call of function module 'CRM_ORDER_MAINTAIN'

    Hi together,
    I have got the follwoing problem.
    We have to implement a proof on a partner function regarding the role.
    I found the BADI IF_EX_COM_PARTNER_BADI~COM_PARTNER_CHECK
    I implement the the follwoing coding:
      IF is_partner_wrk-partner_fct = 'ZADI0012'.
        SELECT SINGLE * INTO  ls_but100
                        FROM  but100
                        WHERE partner = is_partner_wrk-external_partner_number
                        AND   rltyp   = 'BUP004'.
        IF sy-subrc = 4.
          MESSAGE e003(crm_ic_partner) WITH is_partner_wrk-external_partner_number.
        ENDIF.
      ENDIF.
    when I enter a partner with a wrong role, I got the message I have implemented. Afterwards I type in a partner with the correct role I got a short dump.
    Recursive call of function module 'CRM_ORDER_MAINTAIN'
    Has anybody an idea how to solve this issue?
    Thanks and best regards,
    Sylvia

    Hi scharfen,
    We got the similar requirement what you implemented.I implemented the below code but the error message is coming 3 times.
    I have got the follwoing problem.
    We have to implement a check on a partner function regarding the role.
    I found the BADI IF_EX_COM_PARTNER_BADI~COM_PARTNER_CHECK
    I implemented the the follwoing coding:
    method IF_EX_COM_PARTNER_BADI~COM_PARTNER_CHECK .
    DATA: lw_but100 TYPE but100,
    lw_but000 TYPE but000,
    lw_msgno TYPE bal_s_idno,
    lt_msgno TYPE bal_r_idno,
    l_partner TYPE symsgv,
    lw_low TYPE balmsgidno.
    IF is_partner_wrk-PARTNER_FCT = '00000009'.
    SELECT SINGLE * INTO lw_but000
    FROM BUT000
    WHERE partner = is_partner_wrk-external_partner_number
    AND TYPE = '2'.
    IF sy-subrc EQ 0.
    SELECT SINGLE * INTO lw_but100
    FROM but100
    WHERE partner = is_partner_wrk-external_partner_number
    AND rltyp = 'BUP004'.
    IF sy-subrc = 0.
    REFRESH lt_msgno.
    lw_msgno-sign = 'I'.
    lw_msgno-option = 'EQ'.
    lw_low-msgid = '/DS1/A'.
    lw_low-msgno = '139'.
    lw_msgno-low = lw_low.
    APPEND lw_msgno TO lt_msgno.
    CALL FUNCTION 'CRM_MESSAGES_DELETE'
    EXPORTING
    IT_R_MSGIDNO = lt_msgno
    iv_ref_object = is_partner_wrk-guid.
    l_partner = is_partner_wrk-external_partner_number.
    CALL FUNCTION 'COM_PARTNER_MESSAGE_COLLECT_OW'
    EXPORTING
    is_partner_control = is_partner_control
    iv_msgno = '139'
    iv_msgid = '/DS1/A'
    iv_msgty = 'E'
    iv_msgv1 = l_partner.
    ELSE.
    REFRESH lt_msgno.
    lw_msgno-sign = 'I'.
    lw_msgno-option = 'EQ'.
    lw_low-msgid = '/DS1/A'.
    lw_low-msgno = '139'.
    lw_msgno-low = lw_low.
    APPEND lw_msgno TO lt_msgno.
    CALL FUNCTION 'CRM_MESSAGES_DELETE'
    EXPORTING
    IT_R_MSGIDNO = lt_msgno
    iv_ref_object = is_partner_wrk-guid.
    ENDIF.
    ENDIF.
    ENDIF.
    endmethod.
    when I enter a partner with a wrong role, I got the message I have implemented. But the message is appearing 3 times in the errorlog. Can anyone please let me know the reason for this and solution to resolve this.
    Regards,
    Swetha

  • ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole

    Hi
    After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
    <i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
    I have not found anything helpfull thusfar.
    Thank you for your help in advance

    Hi,
    We had the same problem after upgrading to 2004s sp13.
    We applied all available patches and it went away.
    Check out this thread:
    <a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
    Best regards,
    Avisahi Zamir

  • Authorization check for caller assignment to J2EE security role

    Dears experts, in the default.trc logs in, my Enterprise Portal NW2004s, appear this error:
    #1.#0018714E4A14005E000027E1000057B8000441BB7EF2FC03#1198173451524#com.sap.engine.services.security.roles.SecurityRoleReference#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleReference#Guest#2126####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ : ] referencing J2EE security role [ : ].#5#ACCESS.ERROR#service.jms.default.authorization#administrators#SAP-J2EE-Engine#administrators#
    #1.#0018714E4A14005E000027E5000057B8000441BB7F8BDC21#1198173461543#com.sap.engine.services.security.roles.SecurityRoleImpl#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleImpl#Guest#2127####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ :
    Any idea about it?
    Thanks friends

    Hi Holger,
    Thanks for the tip, it could be the case, I just checked and we are on Patch 0 for JEECOR as you can see here below:
    sap.com/SAP-JEECOR   7.00 SP13 (1000.7.00.13.0.20070907082334)  20071028144036 
    sap.com/SAP-JEE          7.00 SP13 (1000.7.00.13.2.20071026143730)  20071203150628 
    Will inform some people internally to patch to atleast 3 to check if it still occures.
    Anyway, Thanks again..
    Benjamin Houttuin

  • Error :Authorization check for caller assignment to J2EE security role whil

    Hi Experts,
                 i m working as a portal resource .
    after the deployment of standered Sap e-rec package .
    i m getting some error. i have assigned the recruiter role to one test user.
    Now i m getting two issue:
    1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
    2) I m able to see few iview for the test user but those are also in detailed navigation view.
       And few ivews are giving following error :
      i)Internal error
    ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
    /System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
    Full Message Text
    ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
    please suggest what can be  done or what is pending from my side.

    Prajakta2602 wrote:
    Hi Experts,
    >
    > the previous issue got solved..
    > it was due to servies pack miss match and applying notes
    > the Basis guy  checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
    > notes 1445294 and 1175239 were applied.
    > now the issue is:
    >
    >
    >  After implemetation and  i assigning the standerd sap roles
    > 1)Recruiter Administrator
    > 2)Recruiter
    > to the test user .
    > but for few iview it is showing error as in
    > 1) you are not a authorized user
    > 2) internal error
    >
    > please help experts.
    >
    >  i m working on portal side have i to assign any role to that test user..
    >
    >
    > Thnaks & Regards,
    > Prajakta
    You can run a quick check using the below steps:
    1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
    2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
    Regards,
    Mahesh

  • Error BT616 when calling function module SXPG_COMMAND_EXECUTE in background

    Hi All,
    We use function module SXPG_COMMAND_EXECUTE with a custom command we defined in SM69 to move files in unix (mv command).
    The function module call has worked fine for almost a year and recently we have been seeing an error (BT616) in our job lob (SM37) when the program is run in background. We have not been able to reproduce the error in foreground mode and it seems to be occuring only periodically in the background. (The appropriate SAP authorization objects where assigned to the batch job ID and the steps on the batch job.) We are in the process of setting up the trace flag and performing analysis on the trace log via ST11 to help identify the issue.
    After perform analysis on SXPG_COMMAND_EXECUTE, the error is occurring when calling function module SAPXPG_END_XPG for exception 2, system failure, yet function module SAPXPG_END_XPG does not exist. I assume this is a program at the operating system level and is just a signature of the parameters to be passed to the operating system program.
    Below is part of the SAP function module SXPG_COMMAND_EXECUTE that is failing.
    * Now we have to wait for the termination of the external
    * command if the caller wants us to.
        IF TERMINATIONWAIT = 'X'.
          CALL FUNCTION 'SAPXPG_END_XPG'
            DESTINATION DESTINATION
            IMPORTING   EXITSTAT = STATUS
                        EXITCODE = EXITCODE
            TABLES      LOG      = LOG
            EXCEPTIONS  COMMUNICATION_FAILURE = 1 MESSAGE MSG
                        SYSTEM_FAILURE        = 2 MESSAGE MSG.
    I performed a where used on function module SXPG_COMMAND_EXECUTE, and most of SAP programs call the function module with the parameter TERMINATIONWAIT = 'X', so I assume we should pass ‘X’ as well.
    Any ideas on what could be causing this issue?
    Mike Vondran

    I also remember I have this kind of issue, as I have some UNIX script at OS( UNIX) level . The problem was with the ID , as it don’t have proper authorization at OS level ( UNIX ) . Please check this ID authorization. This could be the one of reasons if you’re sure from SAP standpoint.
    Hope this’ll give you some guide line..
    Thanks
    Bye

  • Skip Authorization Check in ECC5.0

    I have noticed a major diffrence in authorization check for tcodes in ECC5.0 . In earlier versions in debug mode I found that if there is a command like :
    CALL TRANSACTION 'PA30' and SKIP FIRST SCREEN
    If i press F5 it directly shows me the error message "Not authorised to PA30" in case there is no auth to execute it, and the debugging stops.
    But in Earlier versions it used to goto a function module to check the auth. I just want to customize the function module to skip the auth check for a certain set of users.
    Any clue for this?

    Hi Alex,
    I am not very sure about Personnel Cost Planning,
    But an approach I have used in the past when exploring a module about which there is limited documentation or SAP standard model roles is to
    1) Switch on Trace using ST01.
    2) Carry out a series of transcations using a user id which has a lot of authorizations or SAP_ALL.
    3) Anlayse the trace document and identify all the authorization object.
    4) BUild a new role with the auth objects and assign to test user id.
    5) test and confirm that the authorizations are not too many or too less.
    A time consuming but thorough approach.
    hope this helps.

  • Issues with Analysis Authorization checks in APO

    Hi Friends,
    I am facing an issue with Analysis authorization checks in APO.
    We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
    Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
    This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
    In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
    However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
    Resultant trace results are as below: This should not happen..
    I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
    Will it be possible for you to advise on what could I be missing.

    Hi All,
    If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
    while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
    Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
    Please advise.. Thanks..
    Regards,
    Prakash

Maybe you are looking for

  • Help me out with this program

    hi, I am trying to make a login program that connects to an access database with table 'PASSWORD' containing the username and the password. I have written the program but i could not continue as i am in fix with few errors which it is giving can anyo

  • Writing in Arabic in InDesign CS3

    A customer asked us to reproduce a card in Arabic. We have the scan of the card in .jpg Now, I enabled Arabic in the keyboard layouts, in International inputs and I do have arabic fonts that work. The problem I have (I am only able to recognize Arabi

  • How to create a vertical submenu in my main horizontal main menu?

    I create a main menu in my site and now i'm having some difficulties creating one vertical submenu in one of the separators. Can anyone help me please? Thanks. V.

  • How do I get my Apple TV Screensaver to play an album other than Photostream?

    How do I get my Apple TV Screensaver to play an album other than Photostream?

  • Time for Clean Install?

    Or is it time to go back to Tiger? I have tried three separate times to install Leopard, and after each restart now, I cannot see my hard drive or the disk image on the desktop. I can see everything else, the dock, menu bar, airport, time, etc. Is it