https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409593#M1843350 <HTML><HEAD></HEAD><BODY><P>Security Gurus, </P><P></P><P>I am facing a unique situation with regards to Security Admin’s access in Production to deactivate authorization objects.</P><P></P><P>The Security Admin in Production when opens a role in PFCG, then goes to Authorization tab and tries to deactivate authorization objects with different status, the results are as follows:</P><P></P><P>- Authorization Object (Manually) : Cannot deactivate/ or activate</P><P>- Authorization Object (Maintained) : Cannot deactivate/ or activate</P><P>- Authorization Object (Changed): Cannot Deactivate/ or activate</P><P>- Authorization Object (Standard): Can Deactivate, but cannot activate</P><P></P><P>So the Security Admin can deactivate “Authorization Object (Standard)”, however it cannot reactivate the same or any other authorization object.</P><P></P><P>The trace is not picking up any check when “Authorization Object (Standard)” is Deactivated, however for every other failed deactivation &amp; re-activation it is showing missing authorization for S_USER_VAL (which is assigned as all ‘’, i.e. No authorization). S_USER_AGR is assigned with 02 access, which is coming in for user assignment.</P><P></P><P>Do you think it is a bug, or there is a way to that deactivation of “Authorization Object (Standard)” can be limited without affecting access for user assignment ? </P></BODY></HTML> Wed, 18 Jun 2014 16:43:58 GMT shivraj_singh2 2014-06-18T16:43:58Z https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409593#M1843350 <HTML><HEAD></HEAD><BODY><P>Security Gurus, </P><P></P><P>I am facing a unique situation with regards to Security Admin’s access in Production to deactivate authorization objects.</P><P></P><P>The Security Admin in Production when opens a role in PFCG, then goes to Authorization tab and tries to deactivate authorization objects with different status, the results are as follows:</P><P></P><P>- Authorization Object (Manually) : Cannot deactivate/ or activate</P><P>- Authorization Object (Maintained) : Cannot deactivate/ or activate</P><P>- Authorization Object (Changed): Cannot Deactivate/ or activate</P><P>- Authorization Object (Standard): Can Deactivate, but cannot activate</P><P></P><P>So the Security Admin can deactivate “Authorization Object (Standard)”, however it cannot reactivate the same or any other authorization object.</P><P></P><P>The trace is not picking up any check when “Authorization Object (Standard)” is Deactivated, however for every other failed deactivation &amp; re-activation it is showing missing authorization for S_USER_VAL (which is assigned as all ‘’, i.e. No authorization). S_USER_AGR is assigned with 02 access, which is coming in for user assignment.</P><P></P><P>Do you think it is a bug, or there is a way to that deactivation of “Authorization Object (Standard)” can be limited without affecting access for user assignment ? </P></BODY></HTML> Wed, 18 Jun 2014 16:43:58 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409593#M1843350 shivraj_singh2 2014-06-18T16:43:58Z https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409594#M1843351 <HTML><HEAD></HEAD><BODY><P>sapnote - 312682 - has been very helpful with this issue. Regards, Shivraj </P></BODY></HTML> Mon, 07 Jul 2014 17:50:05 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409594#M1843351 shivraj_singh2 2014-07-07T17:50:05Z https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409595#M1843352 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>the behaviour should be as is described in note #642359. I suggest to recheck the values you have in s_user_val-auth-fields...</P><P>b.rgds, Bernhard</P></BODY></HTML> Wed, 09 Jul 2014 06:39:53 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-admin-can-deactivate-authorization-object-standard/m-p/10409595#M1843352 Bernhard_SAP 2014-07-09T06:39:53Z