Monday 18 July 2016

Missing Authorization Object Adding - SAP Security

If any function in a T-code or any function in a specific transaction code can’t get by the user, we can add the authorization by adding authorization object and resolve that problem.

Fist we check what is the problem face by the user,

So Goto Transaction SU53
To disply authorization data for the user,
                                       

There is an option “display for different user (F5)” show in the above image

Click on that option, type user how face the problem
Click on execute
   

It shows the Missing Authorization Object and its Value, we will add the authorization value to the authorization object
                                       


To Find which "Role" contain the missing authorization object, Goto SUIM

Role -----> Role by Complex  Selection Criteria 


In the opened Screen Fill the marked Columns in the bellow image,

User Name (Problem facing User Name), Transaction Code (Problem facing Transaction code), Object 1 (Missing authorization Object From SU53) 
It shows the "Role" which has missing the "Authorization Object"


Next, Goto PFCG
To find the role & add the missing object
                                       

Type the role name and click on edit option
Goto to 'Authorization'  tab
                                       

Click on “Change Authorization Data” option,
                          

Click on ctrl+f , to find the object                                                                                                             
                                       

It shows the missing authorization object
                               

Click on the pencil to add authorization value
Add the value on get from “SU53” on the opened field then Click on 'Generate' button,
                                       

Completed, Now you can use the previous missing function successfully......

Thanks for reading, Please share your valuable feedback.  

Share this

9 Responses to "Missing Authorization Object Adding - SAP Security"

  1. How find out the role name for above selection.Please tell us.

    ReplyDelete
    Replies
    1. If the User have 1 Role we can directly go to the PFCG and select assigned Role and add the missing object.

      If the user have more than 1 role, we can find the Role using SUIM.

      Goto SUIM -----> Roles by Complex Selection Criteria
      In the opened window, Fill the following Tabs
      " USER , Transaction Code , Object 1"

      Its shows the missing object contains Roles......

      Hope you Get.....

      Delete
  2. Hi,

    I updated the document with "How to get authorization missing Role name part ", hope it will help you.

    ReplyDelete
  3. What if the object is not inculded in any of the roles?

    ReplyDelete
    Replies
    1. Hi Ahmed,

      We can manually add the Object if the object is not exists in any role that assigned to the User......

      Delete
    2. In that particular role, just add the required object in the option "Manually"

      Delete
  4. We can manually add the object using the option "Manually" in PFCG......

    Goto ----> PFCG
    ----> Select The Role which you ant to add the Authorization Object
    ----> Edit
    ----> Authorization Tab
    ----> Change Authorization Data
    ----> Manual Entry of Authorization Object

    Add the Authorization Object and Generate the Profile for the Role......

    ReplyDelete
  5. Adding a missing authorization object should be very rare thing. Basically all roles must have the necessary objects that role needed during the assignments of t-codes.
    One exception is manually disabling the objects inside to control sensitive fields ex: company code / plant where you need to have an object role (collection of objects disabled within the transaction role) with the controlled field values controlled.

    ReplyDelete
  6. Very helpful blog about SAP Basis and Security Topics.

    ReplyDelete