Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

authorization objects problem , unable to delete

Former Member

‎2007 Oct 23 2:58 AM

0 Likes
3,695

hi all,

i hv created authorization object via SU21. ZZ_program, I am trying to modify but it prompts warning:

<b>Field assignment for object ZZ_PROGRAM cannot be changed as auth. for it exist

Message no. 01221

Diagnosis

You attempted to change an object for which authorizations exist. Authorization fields for the object cannot be changed here.

Procedure

If you want to change the object anyway, you must first delete all authorization belonging to this object. Consider that other systems may also be affected.</b>

after i enter the message, it prompts the whereuse list

<b>Where-Used List

Authorization Object

ZZ_PROGRAM

Berechtigungen

AA________00

Rollen

ZZPROGRAM </b>

after that, the fields are all greyed off, i am unable to change the authorizatiion fields and i do not understand the where use list result, can anybody pls help ?

i am working on sap 4.7

11 REPLIES 11
Read only

Former Member

‎2007 Oct 23 3:05 AM

0 Likes
2,101

You are using this Authorization object in the program. So you are not able to delete it.

Comment code in the program, activate the program and try again.

ashish

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:08 AM

0 Likes
2,101

Hi Ashish,

I have commented the coding in both my customised programs ZMPUm044 and zmpum020, the whereuse list given are not customised program error message

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:13 AM

0 Likes
2,101

Can you check SU20 and SU21? I think the mapping with the Authorization field is present in SU20 so you are getting an error.

Please check this and let me know.

ashish

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:19 AM

0 Likes
2,101

Hi Ashish,

In su20, the authorization object exists, i am trying to delete, but still gives me the same warning message and the field is greyed off, means am not able to delete or change .

Both su20 and su21 are inter-related, i try to delete either one but both give me the same warning message, end up i am unable to delete/change both

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:24 AM

0 Likes
2,101

Goto SU20, select the field, go in change mode.

See section, "Use in Authorization Objects".Your Authorization object must be entered here. Delete it from the list and save the object.

That should help.

ashish

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:30 AM

0 Likes
2,101

Hi Ashish,

There is not delete icon at the path you gave me , pls advice

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:42 AM

0 Likes
2,101

Can you first delete the Authorization object in Su21 and then modify in SU20?

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:46 AM

0 Likes
2,101

Hi Ashish,

I have tried to delete Su21 first but it still gave me the same warning message and i am unable to delete it

Read only

Former Member
In response to Former Member

‎2007 Oct 23 3:47 AM

0 Likes
2,101

Can you check with your basis team if you have required authorizations?

Read only

JoffyJohn
Active Contributor

‎2007 Oct 23 4:03 AM

0 Likes
2,101

There is one particular check with Table <b>USR12</b> (User Master Authorization Values) and also with table <b>AGR_1251</b> (Authorization data for the activity group).

SELECT distinct AUTH FROM USR12

appending table list

WHERE OBJCT = OBJECT

and AUTH ne '&_SAP_ALL'

and AUTH ne '&_SAP_APP'

order by auth.

if sy-subrc = 0.

insert 'Berechtigungen' into list index 1.

RC = 1.

endif.

append 'Rollen' to list.

index = sy-tabix.

SELECT distinct agr_name FROM AGR_1251

appending table list

WHERE OBJECT = OBJECT

order by agr_name.

If that is sucessful , you cannot change the authorization object.

See the content of <b>AGR_1251</b> table using your authorization object name. Then you will Role name from field AGR_1251-AGR_NAME

with this role name, go to Tcode: <b>PFCG</b>

and give the Role name and click on change button

In authorization tab.Chick on Change Authorization Data.

And find and remove this authorization object from there.

And then proceed with changing the Authorization object.

Hope this will solve ur issue.

Read only

Former Member
In response to JoffyJohn

‎2007 Oct 23 7:21 AM

0 Likes
2,101

hi guys,

my Basis guy has given me SAP_ALL, and am still unable to do ammendment.

i found out that in pfcg, the role i created contains the authorization obj, so i deleted it and only i can edit su20/21..

he said by rite, SAP_ALL is able to overwrite and do the ammendment