Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Tcode SO01

Go to solution
Former Member

‎2008 May 10 12:27 AM

0 Likes
3,398

How can we come to know which Authorization object is necessary for Tcode SO01. If possible tell me steps.

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2008 May 10 1:35 AM

0 Likes
2,121

Hi Sarita,

1.You can find the related authorization objects using SU24 tcode by mentioning the tcode name, the objects which are check/maintained are the objects related to the tcode.

2.Other option would be by using Table USOBT and USOBT_C (SE16 tcode)

3.You can check in SE93, and see what authorization object is being checked from Authority check program.

Rakesh

8 REPLIES 8
Read only

Go to solution
Former Member

‎2008 May 10 1:35 AM

0 Likes
2,122

Hi Sarita,

1.You can find the related authorization objects using SU24 tcode by mentioning the tcode name, the objects which are check/maintained are the objects related to the tcode.

2.Other option would be by using Table USOBT and USOBT_C (SE16 tcode)

3.You can check in SE93, and see what authorization object is being checked from Authority check program.

Rakesh

Read only

Go to solution
Former Member

‎2008 May 10 9:27 AM

0 Likes
2,121

Hi,

I would suggest to go for Authorization trace (ST01).

Switch on the trace.

Execute the t-code SO01, do all the changes/viewing which you want to do and analyze the trace file. You will get all the auth objects that are being checked with their respective field values.

Hope this helps,

Cheers,

Hemant

Read only

Go to solution
Former Member
In response to Former Member

‎2008 May 12 9:47 AM

0 Likes
2,121

The trace is good for finding out if that object is actually called / checked while executing but SU24 would be where I would go.

Just a quick point but make sure that you are on the same application server as the user being traced otherwise you will not get great data.

Cheers,

Simon

Read only

Go to solution
Former Member
In response to Former Member

‎2008 May 12 9:53 AM

0 Likes
2,121

I agree with Hermant.

SU24 is a useful indicator wheras ST01 will give actual values checked depending on your use of the transaction.

Read only

Go to solution
Former Member
In response to Former Member

‎2008 May 12 11:30 AM

0 Likes
2,121

Thats correct Alex!

Check/ Check-maintained fields in su24 are of use only if they are checked in the program. ST01 helps in identifying the events which check for the corresponding auth objects. Giving access to auth objects solely on the basis of su24, we may end up giving more accesses than actually required.

Also, many a times, due to security issues, critical auth objects are only checked and not maintained in su24. In that scenario ST01 helps in identifying the actual value that needs to be given for those.

Read only

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎2008 May 12 11:56 AM

0 Likes
2,121

> 

> I agree with Hermant.  
> 
> SU24 is a useful indicator wheras ST01 will give actual values checked depending on your use of the transaction.

Also nice to know that objects will appear in the ST01 trace (with RC=0) even if they're set to 'do not check' in SU24.

Read only

Go to solution
Former Member
In response to Former Member

‎2008 May 12 11:59 AM

0 Likes
2,121

Good point Jurjen, another reason to stick with the trace!

Read only

Go to solution
Former Member

‎2008 May 12 12:59 PM

0 Likes
2,121

Thanks all of you for giving such a quick reply.