topic Re: Issue with authorization objects in Application Development and Automation Discussions

Issue with authorization objects

Former Member — Thu, 14 Jan 2010 14:44:11 GMT

Hi,

We are running on ECC 6 . There is an issue while adding t-codes to a role.

When we add a transaction code in the Menu tab, for eg, a Z transaction code, it throws up a whole lot of open authorization objects under the authorization tab (open authorizations under FI, MM, so on). The open values proposed are all the default values in SU24. This happens even if we use the 'Read old status and merge with the new'. Our check indicator maintenance for all t-codes seem to be fine. Pls advise.

Cheers!!

Re: Issue with authorization objects

Former Member — Thu, 14 Jan 2010 14:49:53 GMT

So where is the question?

Re: Issue with authorization objects

jurjen_heeck — Thu, 14 Jan 2010 14:49:57 GMT

This is standard behaviour. SAP doesn't consider the one transaction you've added but re-evaluates the whole menu for the role.

Re: Issue with authorization objects

jurjen_heeck — Thu, 14 Jan 2010 14:50:29 GMT


> So where is the question?

I guessed at "pls advise."

Re: Issue with authorization objects

Former Member — Thu, 14 Jan 2010 15:29:03 GMT

We should offer a multiple-choice checkbox option for questions like this..

I still don't get it!

Cheers,

Julius

Re: Issue with authorization objects

Former Member — Thu, 14 Jan 2010 16:01:51 GMT

Looks to me Yellow trafic light problem where the security administrators have changed the Standard Auth object to CHANGED by modifying it directly instead of :

1. Making a copy of Standard Auth object

2. Making the standard Auth object inactive

3. And then doing the change in the copy of that standard Auth object.

Re: Issue with authorization objects

Former Member — Thu, 14 Jan 2010 16:04:34 GMT

Hi,

My apologies !! My question is why is it that by adding a 'Z' transaction code does it throw open authorization objects unrelated to it. I did a little research. Pls see my findings below.

As Julius suggested, this is a normal behaviour where the entire t-codes added are evaluated and the relelvant authorization objects are asked to maintain. The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance. Pls correct me if I am wrong. Thanks very much for your time.

Cheers!!

Re: Issue with authorization objects

Former Member — Thu, 14 Jan 2010 16:33:44 GMT

> The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance.

They are populated again if they were deleted during the earlier maintenance or are in a changed status of the original authorization where new values in SU24 are proposing something different.

That is why you should never delete standard or maintained authorizations and try to avoid the copy & change strategy by maintaining SU24 to meet your needs.

It shounds like SU24 is not as "fine" as you have stated before hand.

Cheers,

Julius

Re: Issue with authorization objects

Former Member — Mon, 18 Jan 2010 15:07:04 GMT

Thanks Julius !!