Hello,

Its not failing on 'ACTVT' its failing on '_OBJNAME_', SU53 is saying user needs 'OBJNAME=*'. We cannot give this value as the user will able to excute all the scripts, objective is to restrict by business(MM, PP,..)

Gowri,

When I started first, I used same values as you but doesnt work. I did different trial runs like (ZPP_, ZPP, ZP*) nothing worked.

I looked in to ST01 analysis also, look same. ITs failing on OBJNAME= *, which we cannot give.

Your thoughts.

Thanks.

What I meant was OBJNAME = * in combination with which ACTVT value in the check?

This will tell us the coding location (used to modify the screen, determine a visible list, etc)...

Cheers,

Julius

Hi Julius - Got it! See below:

S_DEVELOP:(Failed ON)

ACTVT: 70

DEVCLASS: DUMMY

OBJNAME: *

OBJTYPE: ECAT

P_GROUP: Dummy

Current values in user role:

ACTVT: 03, 16, 70

DEVCLASS: *

OBJNAME: ZPP*

OBJTYPE: ECAT, ECSC, ECTC

P_GROUP: *

Thanks.

Experts could I dare to bribe you with something you like

Did not hear anything, so thought lets take a different route.

Thanks in advance.

> Experts could I dare to bribe you with something you like

Beers are on you?

That activity (70) is only used in SCAT and not SECATT, so you can ignore it. I am not sure why it is appearing in the trace (it doesn't in mine) but should not interfer with the activity 16 checks.

Try to remove the 70 completely and test to see whether the activity 16 appears? Just a guess, as it might still be some "compatibility" coding with the old CATT functions and existing roles to use them.

Cheers,

Julius

Oh Sure Julius! It will be my pleassure..ha..ha..

I will take a shot on your suggestion, but I am sure will see same thing in trace as when we created role we did not include act=70; we started with 03 and 06.

Other thing I want to add is:

-We created these new scripts using SECATT, I see above discussed issue when I am trying to run this scripts. It works absolutely fine when I assign '' for 'OBJNAME' field instead of specific values like ZPP, ZP* or full value.

-we are on ECC 6.0, if that helps.

Will let you know what I see.

Thanks.

Edited by: AJ on May 19, 2010 10:38 PM

Reconstructing the same thing and expecting different results is only possible accross release boundaries (and modifications).

Where are you in that respect?

Cheers,

Julius

This is what I see from the new test in SU53 screenshot:

ACTVT: 70

DEVCLASS: DUMMY

OBJNAME: ' '

OBJTYPE: ECAT

P_GROUP: DUMMY

ST01 output:

S_Develop RC=4 TCODE:SECATT; DEVCLASS= ; OBJTYPE= SCAT; OBJNAME= *; P_GROUP= ; ACTVT=16

Role authorizations does have:

ACTVT: 03, 16

DEVCLASS: *

OBJNAME: ZPP*

OBJTYPE: ECAT, ECSC, ECTC, SCAT

P_GROUP: *

Your thoughts.

Are you on 4.6C?

Even support on SDN is limited...

I have just tested in SCAT in SECATT as well. The trance shows same, user can't execute. Have you execute it completely in SECATT?

S_DEVELOP RC=4 OBJTYPE=ECTC;OBJNAME=

Z_MM_TEXT

;ACTVT=03;P_GROUP= ;DEVCLASS= ;

I have restricted in ZZ* in object type.

Regards,

Gowrinadh

Julius - we are on ECC 6.0

Gowrinadh - Thanks for checking on your side.

Its pretty strange! On your side, it show up as 'OBJNAME=Z_MM_Text'. However on my side it show up as 'OBJNAME=* and ' ', I dont know what is going on.

We created these scripts in SECATT and also trying to run in SECATT, I would have been attached if we had option to add attachments.

I think there is something else also tied up with authorization issue which is causing this mess.

Thanks.

Guys - Is this really tough question? I see no thoughts coming in, experts comon!

You have a custom programming (perhaps to force this authorization via an authority-check which is too strict?) and then made a screen-shot of the SU53 result and saved it in the MIME repository. You then created a screen variant for SU53 which then calls the MIME repository to display the screenshot and assigned it to the users.

If it is the underscore "_" then you deserve a beer for finding it, but other than that I give up. What's the answer?

Cheers,

Julius

Hey Julius - Things went above my head, will you please explain like step by step what should I look for?

Thanks Much.

Step-by-step: I don't know and can only guess from here because I cannot reconstruct it.

Please check in transaction SPAU whether there is anything registered there for SECATT?

What I meant by the previous post is that I give up, and can only guess now...

Cheers,

Julius

Thanks Anyways! I appreciate your suggestions.

Will look into SPAU and get back to you.