If any function in
a T-code or any function in a specific transaction code can’t get by the user, we can add the authorization by adding authorization object and resolve
that problem.
Fist we check
what is the problem face by the user,
So Goto
Transaction SU53
To disply
authorization data for the user,
There is an
option “display for different user (F5)” show in the above image
Click on that
option, type user how face the problem
Click on execute
It shows the Missing Authorization Object and its Value, we will add the authorization value
to the authorization object
To Find which "Role" contain the missing authorization object, Goto SUIM
Role -----> Role by Complex Selection Criteria
In the opened Screen Fill the marked Columns in the bellow image,
User Name (Problem facing User Name), Transaction Code (Problem facing Transaction code), Object 1 (Missing authorization Object From SU53)
It shows the "Role" which has missing the "Authorization Object"
Next, Goto PFCG
To find the role
& add the missing object
Type the role name
and click on edit option
Goto to 'Authorization' tab
Goto to 'Authorization' tab
Click on “Change
Authorization Data” option,
Click on ctrl+f , to find the object
It shows the
missing authorization object
Click on the
pencil to add authorization value
Add the value on
get from “SU53” on the opened field then Click on 'Generate' button,
Completed, Now you can use the previous missing function successfully......
Thanks for reading, Please share your valuable feedback.
Share this
How find out the role name for above selection.Please tell us.
ReplyDeleteIf the User have 1 Role we can directly go to the PFCG and select assigned Role and add the missing object.
DeleteIf the user have more than 1 role, we can find the Role using SUIM.
Goto SUIM -----> Roles by Complex Selection Criteria
In the opened window, Fill the following Tabs
" USER , Transaction Code , Object 1"
Its shows the missing object contains Roles......
Hope you Get.....
Hi,
ReplyDeleteI updated the document with "How to get authorization missing Role name part ", hope it will help you.
What if the object is not inculded in any of the roles?
ReplyDeleteHi Ahmed,
DeleteWe can manually add the Object if the object is not exists in any role that assigned to the User......
In that particular role, just add the required object in the option "Manually"
DeleteWe can manually add the object using the option "Manually" in PFCG......
ReplyDeleteGoto ----> PFCG
----> Select The Role which you ant to add the Authorization Object
----> Edit
----> Authorization Tab
----> Change Authorization Data
----> Manual Entry of Authorization Object
Add the Authorization Object and Generate the Profile for the Role......
Adding a missing authorization object should be very rare thing. Basically all roles must have the necessary objects that role needed during the assignments of t-codes.
ReplyDeleteOne exception is manually disabling the objects inside to control sensitive fields ex: company code / plant where you need to have an object role (collection of objects disabled within the transaction role) with the controlled field values controlled.
Very helpful blog about SAP Basis and Security Topics.
ReplyDelete