topic Re: Authorization checks vs ST01 data in Application Development and Automation Discussions

Authorization checks vs ST01 data

Former Member — Tue, 28 Oct 2008 13:50:42 GMT

Experts. My 1st post.

I Just tried to find on the forum about my issue and could not find anything.

Question: How could ST01 shows that the user passed on the authorization check if he have authorization to a fixed value different?

The user have VKORG assigned as MX* on 2 different roles. Using SE16 and AGR_1252 on both roles i have the value MX*.

Opened the ST01 and set for the user received the message below. See that the first line have VKORG= ;

20:18:34:342 AUT. - - - V_VBRK_VKO RC=0 VKORG= ;ACTVT=19;

20:18:34:434 AUT. - - - V_VBRK_VKO RC=0 VKORG=MX02;ACTVT=01;

20:18:34:434 AUT. - - - V_VBRK_FKA RC=0 FKART=F2;ACTVT=01;

20:18:35: 4 AUT. - - - P_ORGIN RC=0 INFTY=0001;SUBTY=' ';AUTHC=R;PERSA=;PERSG=;PERSK=;VDSK1=;

20:18:35: 7 AUT. - - - P_ORGIN RC=0 INFTY=0002;SUBTY=' ';AUTHC=R;PERSA=;PERSG=;PERSK=;VDSK1=;

20:18:35:11 AUT. - - - P_ORGIN RC=0 INFTY=0900;SUBTY=' ';AUTHC=R;PERSA=;PERSG=;PERSK=;VDSK1=;

20:18:36:133 AUT. - - - V_VBRK_VKO RC=0 VKORG=MX02;ACTVT=01;

20:18:36:133 AUT. - - - V_VBRK_FKA RC=0 FKART=ZLAT;ACTVT=01;

20:18:37:888 AUT. - - - S_CTS_ADMI RC=0 CTS_ADMFCT=TABL;

The problem is that the user while execution a procedure to create a few invoices have them with ZERO "0" Value on them.

On most cases there is no problem with it, this happens sometimes.

Sorry if I Could not express right and will put more information if needed.

Regards.

Vladimir

Re: Authorization checks vs ST01 data

jurjen_heeck — Tue, 28 Oct 2008 14:07:01 GMT

> 20:18:34:342 AUT. - - - V_VBRK_VKO RC=0 VKORG= ;ACTVT=19;

I think (not completely sure here) the authorization check above just checks the activity and does not bother about the value of the VKORG field.

Another possibility is that some authority-checks have been switched off for this transaction. Have a look in transaction SU24. If an authority-check is disabled it will always show up in the trace with RC=0, regardless of the users' actual authorizations.

Jurjen

Re: Authorization checks vs ST01 data

Bernhard_SAP — Tue, 28 Oct 2008 14:47:18 GMT

Hello Vladimir,

the value MX* covers also MX02. so the user is authorizted for MX02....

In the moment I cannot see an issue with the result of ST01, which you have copied here into yur post. Looks correct for me....

b.rgds, Bernhard

Re: Authorization checks vs ST01 data

Bernhard_SAP — Tue, 28 Oct 2008 14:48:43 GMT


> > 20:18:34:342   AUT.	  - - -	V_VBRK_VKO RC=0	VKORG= ;ACTVT=19;
> 
> I think (not completely sure here) the authorization check above just checks the activity and does not bother about the value of the VKORG field. 
>

Hi Jurjen,

you are right. This is a typcal case for the check for value 'dummy'.

b.rgds, Bernhard

Re: Authorization checks vs ST01 data

Former Member — Tue, 28 Oct 2008 14:50:01 GMT

If the issue is that you want to prevent users from posting a zero value invoice, then you will need to look in the IMG customizing for an option (and in the ERP Finance forums).

I am not aware that you can control this using authorizations. At least, not without adding your own code somwhere.

Cheers,

Julius