Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Analize authority checks in web dynpro processing

Clemenss
Active Contributor
0 Kudos

Hi,

I'm facing strange things here.

A user was reported not to be able to successfully use a function provided in our system:

We provide a function for use of our call center agents that will reprocess and output document and send it by mail to the customer. It looks as if it worked but the mail is not sent.

I started SE80 with my own user and put some external breakpoints in the webdynpro code for the agents username. Then I started the webdynpro application by entering the URL into the browser and logging in with the agent's credentials.

On my first try, the debugger started ehen the external breakpoint was reached. SY-UNAME was the agent's name but everything went fine.

Obviously the authority checks where done for my own user although there was a different sy-uname.

I logged off completely and started a second time. I used my owner user to set the external breakpoints because the agent's user has no rights for development, just restricted to a couple of roles.

This time I got a rabax state error - the dump was caused because the agent's user does not have authority for debug. The rabax error shoed me the call hierarchy and pointed to the method where I set the external breakpoint.

So, is the any way to come close to the code where authorization check fails?

Or - which we could try: What are the roles/profiles for use of SAPOFFICE? (in SU53, we can see failed checks, but it looks strange as there are failed authority-checks for ...ADMIN - dont know exactly because now I', home and don't have remote access).

Good ideas always welcome!

Note: Nobody knows why this function is implemented in Webdynpro but we have to live with it and get it working for this group of agents.

Regards

Clemens

1 REPLY 1

Former Member
0 Kudos

Traditionally I would probably have used ST01 with the "Authorization check" option and general filters to log which authority checks are working / failing.

But now I quite like using ST05 (SQL Trace) instead as drilldown to the code is available ... you can tick the "Buffer Trace" option and "Activate Trace with Filter" to log the other user's calls - this will then display lots of references to tables USOBX_C and USRBF2 - drilling to the code on these usually gives you the "authority-check object 'xyz' .." details.

Jonathan