topic Re: User Profile issues in Application Development and Automation Discussions

User Profile issues

Former Member — Mon, 05 Jul 2010 12:19:54 GMT

In ECC Prod, When using the tcode ZFBSET, user A is not able to see the buttons or menu option to Choose Layout, Change Layout or Save Layout. and User B, received the tcode at the same time as user 'A' and is able to see the layout buttons. why User 'A' can't customize his layout but user B can.

for this I did user comparision through SUIM and found some Auth Object missing in user A

S_BDC_MONI

K_KA_RCS

Grcff_0001

C_PSTX_ART

C_MLST_BGR

B_SMAN_WPL

when i added missing auth objects manually issue is still the same.

Re: User Profile issues

Former Member — Mon, 05 Jul 2010 12:43:28 GMT

Hi Chandresh,

Just check whether the user has been assigned the Authorization Object S_ALV_LAYO with activity 23

Re: User Profile issues

Former Member — Mon, 05 Jul 2010 15:17:17 GMT

Hi Sid,

I have checked both the users profiles with Auth Objects S_ALV_LAYO.

User A has 8 profiles in which 6 has value '23' and 2 have value '*'

User B has 11 profiles in which 9 has value '23' and 2 have value '*'

the user B has only 3 more profiles with value '23' than user B ,.

Now please suggest.

Re: User Profile issues

Former Member — Mon, 05 Jul 2010 15:34:55 GMT

Hi Chandresh,

If all authorizations of two users are exaclty same then just check whether this is controlled by any table level restrictions.

I mean, sometimes there will be two roles with same authorizations (Role A = Role B), but these are maintained at table as in who will do what. For example: User A assigned to Role A can do everything but User B assigned to Role B can do restricted activity.

This is done by maintaining these roles at a table level

Just check, if the program of transaction ZFBSET has been setup in this way

Edited by: Siddhartha Varma on Jul 5, 2010 4:58 PM

Edited by: Siddhartha Varma on Jul 5, 2010 5:00 PM

Re: User Profile issues

Former Member — Mon, 05 Jul 2010 16:38:14 GMT

Hi Sid,

But the program behind the ZFBSET will be accessed by both user A and user B as the tcode is accessed ,

And user A is restricted and user B is not restricted.

Do u mean that the table level restriction thru some AUTHORITY_CHECK statements, or through S_TABU_DIS

I cant understand can u please explain.

Re: User Profile issues

Former Member — Mon, 05 Jul 2010 16:50:49 GMT

Hi Chandresh,

Yes. It may be controlled in that way, I mean by table level. These two similar roles are assigned in a particular table & restriction would be placed in the table against each of the role.

Example: When Role A is assigned to a user - with restricted access as defined in the table for Role A & when user calls the transaction, the program will check the role in the table and will allow the user activity as it is defined in the table for that role.

Just check with your ABAP/Functional Team, if this is designed in this way

PS: Check the above only when you are sure that all authorizations are exaclty same for both the users

Re: User Profile issues

Former Member — Mon, 05 Jul 2010 21:23:35 GMT

Chandreah,

Compare both the authorizations i.e user A & USER B. you will get to know what is he missing.

create a new user and add roles(user b roles) one at a time and check whether new user is able to get change layout,by this you will know which roles r giving access to change layout / save.

or create a new test role with only this transaction. run a trace. Make sure all the objects are present in the role.

Did you maintain any check maintain auth object for the mentioned ztcode?

2. refresh user buffer

3. dont forget to do user comparsion

Thanks,

Sri

Re: User Profile issues

Former Member — Tue, 06 Jul 2010 16:40:42 GMT

Hi Chandresh Bajpai,

You should work with your developer to make sure that and authroization field and object is enabled for authority check for the userA and USER B.

What it means is the custom transaction code should include a custom authority field and custom authority object to make this happen. so that you can permit one userA and restrict the other(UserB) in your case.

I think the Ztcode created is not performing the authority check.

Next put your trace on to find out for each user to restrict or based based on your trace result.

Respectfully

Re: User Profile issues

Former Member — Thu, 08 Jul 2010 13:33:14 GMT

Hi,

There are more objects involved with layout, I just had some quarrel with F_IT_ALV and succeeded. I found it because of the output from SU53 from the user.

Have fun

Bye Jan van Roest

Re: User Profile issues

Former Member — Sat, 10 Jul 2010 06:43:06 GMT

This message was moderated.