Question: Could someone please give me a brief overview of the use of ' ' as a value in an authorization fields contents.
I am told it has something to do with referencing the PNP logical database, and is only used with Structural Authorizations.
Any assistance or pointers to further reading would be much appreciated.
Thanks in advance
Answer:
The two single quotes ( for fields of length two or grater) represents a blank value which you will sometimes see in SU53 as the word
SAP uses this at the start of transactions to determine if you have read, create, change, etc access to even start the transaction. In many cases in SAP the actual "organizational" Field value ( Company code, Employee group, plant etc) is not known until you request a record from the system, so SAP just checks Activity at initiation.
The blank or dummy field has noting to do with structural authorizations and is not limited to Logical databases.
Answer:
So John,
There is no difference in an SU53-output with ' ' and with the value
How come then, that I sometimes explicitely have to authorize on value ' ', in spite I have already values included in the relevent field.
In my opinion this is one of SAP bug's you find every now and then.
MJ
Answer:
They are one-in-the-same, The word
It is not a bug in SAP that you have to specify a blank AND a specific field value. If you do NOT have an asterisk and specify a value you need both. As noted above, SAP checks authorization for activity only BEFORE it has a value for the other fields. At the point of the
So if you specify a field specifically and not generally you should supply both the actual value and a blank ( ' '). It is not a bug .
Answer:
Hi,
I am pretty sure this is a coding error too.
When a programmer specifies an authorisation check they can skip a specific field value to check only the activity as John stated. To do this you need to code the word DUMMY as below:
AUTHORITY-CHECK OBJECT 'S_USER_SYS'
ID 'SUBSYSTEM' FIELD DUMMY
ID 'ACTVT' FIELD '78'
If you put a blank space in like this:
AUTHORITY-CHECK OBJECT 'S_USER_SYS'
ID 'SUBSYSTEM' FIELD ' '
ID 'ACTVT' FIELD '78'
Then the user will need the value ' ' in their profile.
If you put the word DUMMY in like this:
AUTHORITY-CHECK OBJECT 'S_USER_SYS'
ID 'SUBSYSTEM' FIELD 'DUMMY'
ID 'ACTVT' FIELD '78'
Then the user will need the value DUMMY in their role.
So I think its a bug caused by programming errors similar to the above. If you specify ' ' in all your authorisations it won't do any harm, but it will mean that you won't have any open authorisations which is going to be misleading since the number of occasions when you will need a value of ' ' for an authorisation check is very small.
Answer:
Actually the need for the double quotes id quite frequent and almost manditory in HR if you do not use a asterisk. If you coddes 'DUMMY' instead of DUMMY you are no longer requesting a blank bu the word DUMMY. THere is old code the references a field DUMMY which is preceded by the word ID and the the SU53 displays
Answer:
It's also possible that this problem occurs because the user has forgot to fill in a certain field that has status 'mandatory' but in fact is 'obligatory'.
I've encoutered this problem some time ago with the change of contracts (ME32K).
In the creation of the contract the user forgot to fill in the field 'Plant'.
When he (or another user) tried to change the contract afterwards SAP checked on the object M_RAHM_WRK and requested the value ' ' for plant.
Best Regards,
Koen
Answer:
So if you specify a field specifically and not generally you should supply both the actual value and a blank ( ' '). It is not a bug .
How can I add a ' ' ? It is not available in the allowed values for the authorization object fields.
Answer:
Which field, which object? One way or the other you can add it.
Answer:
For example object CRM_CPGAGR, field MKTPL_AUGR.
In that field, I'd list the authorization groups for campaigns allowed for the role.
In the first popup for maintenance, I can enter a space, but SAP ignores it when I close the popup. If I click on F4 for possible entries, SAP just gives me the list of the existing authorization groups (defined in config), and I can only select from those.
Answer:
The system I am on does not have CRM so I cannot check but usually authorization checks with authorization groups are NOT checked if the value of the auth group is blank so you should not need one, If your SU53 shows that it is then you have to go to config and "add" a blank. Sometimes SU21 will let you add values, but generally it is reserved for ACTVT.
Answer:
For CRM_CPGRES I use *, for CRM_CPGAGR I specify individual values, as I want to limit access by groups
Tracing yields the following results:
CRM_CPGRES RC=0 MKTPL_RESP=' '#@(#) $Id:
//bas/620/src/krn/auth/aut;ACTVT=01;
CRM_CPGAGR RC=4 MKTPL_AUGR=' '#@(#) $Id:
//bas/620/src/krn/auth/aut;ACTVT=01;
I was able to create a new authorization group ' ' in customization , and it became available in SU24, PFCG etc. However, when I select it to the profile, SAP ignores it. The object still has an orange light, as if nothing was chosen.
I take this for a bug. I didn't find suitable notes, so I'll create a customer message and inform here of any findings.
Answer:
Hi, in fact it was as simple as to add '' directly in role maintenance. I only tried hitting space before, but then tested with the inverted commas, and it works.
How to Earn Rs.25000 every month in internet without Investment?
Using ' ' in authorisation object value field
Labels:
SAP USER FAQs
Subscribe to:
Post Comments (Atom)
topics
-
▼
2007
(1406)
-
▼
November
(1359)
- Free Download SAP FI Certification study pdf books
- Implementing SAP R/3 on OS/400
- Update SAP Kernel in UNIX based
- Security Audit Log (BC-SEC).pdf
- Security Audit Log.pdf
- Securities,pdf
- Secure Store & Forward / Digital Signatures (BC-SE...
- Secure Network Communications (BC-SEC-SNC)
- Free download use ful T-codes
- I did not find any OSS notes appropriate for my pr...
- How to apply OSS notes number?
- What is OSS Notes number?
- Where can i access SAP OSS?
- WHAT IS OSS
- Disaster Recovery Plan to Restore Production System
- Steps to Install SAP Note in sap
- Difference Between SAP Notes and Support Package
- Question : Subject : Support packages testing
- Five Different "User Type"
- How to solve the Time Zone Definition Problems?
- Setting the User Decimals Format
- Schedule Manager
- Various Important SAP Basis T-Code
- Trace Functions in sap
- System Trace: Error Analysis in sap
- System Trace(ST01) in sap
- Roles and Authorizations Used in Background Proces...
- Deleting Multiple Spool Requests Simultaneously in...
- Logging and Tracing in spool
- Print and Output Management in spool
- Background Job Monitoring Monitor in CCMS
- Monitoring the Database Using the Alert Monitor
- Monitoring the Operating System Using the Alert Mo...
- Monitoring Memory Management Using the Alert Monitor
- Method Dispatching Monitor in CCMS
- Remote Application Server Status Monitor in CCMS
- GRMG Self-Monitoring Monitor in CCMS
- CCMS Selfmonitoring Monitor for System-Wide Data i...
- Logfile Monitoring Monitor in CCMS
- Logon Load Balancing Monitor in CCMS
- Transaction-Specific Dialog Monitor in CCMS
- Workload Collector Monitor in CCMS
- System Errors Monitor in CCMS
- System Configuration Monitor in CCMS
- Syslog Monitor in CCMS
- Spool System Monitor in CCMS
- Security Monitor in CCMS
- Performance Overview Monitor in CCMS
- Operating System Monitor in CCMS
- Filesystems Monitor in CCMS
- Entire System Monitor in CCMS
- Monitoring the Enqueue Service in CCMS
- Dialog per Application Server Monitor in CCMS
- Dialog Overview Monitor in CCMS
- Database Monitor in CCMS
- Transactional RFC and Queued RFC Monitor in CCMS
- Communications Monitor in CCMS
- Buffers Monitor in CCMS
- Background Job Monitoring Monitor(CCMS)
- Background Processing Monitor(CCMS)
- Availability and Performance Overview Monitor (CCMS)
- SAP CCMS Monitor Templates Monitor Set
- Creating and Changing a Monitoring Pause(CCMS)
- Creating and Changing Monitoring Rules(CCMS)
- Configuring Availability Monitoring(CCMS)
- Update Repositories(CCMS)
- Displaying Central Performance History Reports(CCMS)
- Displaying Report Properties
- Scheduling and Executing a Report
- Variables in Group Names
- Creating a Report Definition(CCMS)
- Maintaining Collection and Reorganization Schemata...
- Maintaining Collection and Reorganization Schemata...
- Creating and Editing a Calendar Schema(CCMS)
- Creating and Editing a Day Schema
- Customizing the Alert Monitor(CCMS)
- Resetting MTEs and Alerts(CCMS)
- Reorganizing Completed Alerts(CCMS)
- Display Completed Alerts(CCMS)
- Automatically Complete Alerts(CCMS)
- Completing Alerts(CCMS)
- Starting Methods (CCMS)
- Processing Alerts(CCMS_
- Displaying the Technical View: Central Performance...
- Displaying the Technical View: Threshold Values(CCMS)
- Displaying the Technical View: Status Autoreaction...
- Displaying the Technical View: Status Data Collector
- Displaying the Technical View: Method Allocation
- Displaying the Technical View: Info on MTE
- Display Types and Views of the Alert Monitor(CCMS)
- Properties of Status Attributes (CCMS)
- Properties of Performance Attributes(CCMS)
- Properties of Log Attributes (CCMS)
- General Properties of Monitoring Tree Elements(CCMS)
- Properties of Monitoring Objects and Attributes
- Elements of the Alert Monitoring Tree
- Alert Monitoring Tree(CCMS)
- Monitors(CCMS)
- Monitor Sets (CCMS)
- Elements of the Alert Monitor (CCMS)
-
▼
November
(1359)
No comments:
Post a Comment