https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141067#M1191546 <HTML><HEAD></HEAD><BODY><P>You don't need to use that code, the system uses it when you try to perform "process administration functions" in the system.</P><P></P><P>So, by not granting authority for the object checked in the standard coding above, your user would not be able to perform this function regardless of their tcode.</P><P></P><P>Generally, it is better to use the menu and set objects to "Inactive" (or tweak SU24) than to insert manual authorization instances. This way, other people will understand what you have done and why.</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Mon, 09 Feb 2009 11:17:35 GMT Former Member 2009-02-09T11:17:35Z https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141064#M1191543 <HTML><HEAD></HEAD><BODY><P>Hi gurus,</P><P></P><P>We are using SAP NetWeaver 2004s. There is a new user that I need to create, I have created a role for it as well. However, in this role, I want the user to execute the transaction SM50, but the user shouldn't be able to cancel any of the work processes. How can I do it? Any help would be greatly appreciated.</P><P></P><P>Regards,</P><P>Sree</P></BODY></HTML> Thu, 05 Feb 2009 12:28:27 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141064#M1191543 Former Member 2009-02-05T12:28:27Z https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141065#M1191544 <HTML><HEAD></HEAD><BODY><P>Does the trace not work in your system?</P><P></P><P>Anyway, forget about the tcode....</P><P></P><P>What you are looking for is:</P><P></P><PRE><CODE>FORM AUTH_CHECK USING UCOMM AUTH_ERR. AUTH_ERR = 0. IF ( UCOMM &lt;&gt; 'END' ) AND ( UCOMM &lt;&gt; 'BACK' ) AND ( UCOMM &lt;&gt; 'ABBR' ) AND ( UCOMM &lt;&gt; 'WPDI' ) AND ( UCOMM &lt;&gt; 'CPU' ) AND ( UCOMM &lt;&gt; 'USER' ) AND ( UCOMM &lt;&gt; 'REFR' ). AUTHORITY-CHECK OBJECT 'S_ADMI_FCD' ID 'S_ADMI_FCD' FIELD 'PADM'. IF SY-SUBRC &lt;&gt; 0. MESSAGE S433. AUTH_ERR = 1. ENDIF. ENDIF. ENDFORM. "AUTH_CHECK</CODE></PRE><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Thu, 05 Feb 2009 12:49:09 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141065#M1191544 Former Member 2009-02-05T12:49:09Z https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141066#M1191545 <HTML><HEAD></HEAD><BODY><P>Dude,</P><P> Thanks for the reply, however, I didn't really get what was that all about. The code that you gave, I was not able to make out as to how am I suppose to use that code. So I figured out my own way out of this. When you create a role using PFCG transaction, do not use SAP_ALL profile. Add the transaction SM50 manually in the Auth object S_TCODE, Then Use the Authorization class AAAB which take care of all the Cross Application Authorization objects, and add an auth object S_SPI_AUTH. Add 03 in the Activity with which you can only display the Work processes. </P><P> Anyways I atleast appreciate you replying.</P><P>Thanks for you help...</P><P></P><P>Regards,</P><P></P><P>Sreekul Nair.</P></BODY></HTML> Mon, 09 Feb 2009 10:17:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141066#M1191545 Former Member 2009-02-09T10:17:03Z https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141067#M1191546 <HTML><HEAD></HEAD><BODY><P>You don't need to use that code, the system uses it when you try to perform "process administration functions" in the system.</P><P></P><P>So, by not granting authority for the object checked in the standard coding above, your user would not be able to perform this function regardless of their tcode.</P><P></P><P>Generally, it is better to use the menu and set objects to "Inactive" (or tweak SU24) than to insert manual authorization instances. This way, other people will understand what you have done and why.</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Mon, 09 Feb 2009 11:17:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141067#M1191546 Former Member 2009-02-09T11:17:35Z https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141068#M1191547 <HTML><HEAD></HEAD><BODY><P>Dude,</P><P> you're name should Indeed be Genius, than Julius....</P><P></P><P>Thankz for the reply, you ought to get more points..</P><P>bye.</P><P>Take care...</P><P></P><P></P><P>Sreekul nair.</P></BODY></HTML> Mon, 09 Feb 2009 12:34:28 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141068#M1191547 Former Member 2009-02-09T12:34:28Z https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141069#M1191548 <HTML><HEAD></HEAD><BODY><P>Actually, I prefer "Guru"... <SPAN __jive_emoticon_name="wink"></SPAN></P><P></P><P>So how did you solve it? I thought we were just getting started...</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Mon, 09 Feb 2009 20:47:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sm50-authorization/m-p/5141069#M1191548 Former Member 2009-02-09T20:47:34Z