Skip to Content
avatar image
Former Member

Authorization object B_BUPA_FDG

Hi,

We are working on tightening our authorizations on business partners.

We have introduced the B_BUPA_FDG, so on field group.

Also field groups have been added to customizing (define field group for authorizations).

In authorization trace we see that user is NOT authorized for field group, but still in this case the address can be changed.
User has display authorization for field group, but not change authorization.

Are we overlooking something?

Regards,


Walter van Veen

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • avatar image
    Former Member
    Oct 16, 2015 at 07:14 AM

    This message was moderated.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 16, 2015 at 02:24 PM

    Hi,

    did you working in CRM? Which system version? GUI or Web UI?

    I remember that there was some issue with Web UI.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 16, 2015 at 03:28 PM

    Walter,

    In adding to Michael's comments, please let us know which tcode(s) you're utilizing this auth object with. Our company uses ICWeb which can be a bear to troubleshoot ICWeb auth failures. If you're also using ICWeb, creating a trace (ST01) for all auth object checks, RFC calls, and HTTP calls will help (i.e. log one user from time of login to auth failure). If there's no auth failure when the user attempts the task, look at the trace data at the time of login (when their user master buffer is loaded).

    To help dissect trace data in CRM, I've found reviewing the UI_COMP components in table CRMC_UI_COMP_IP (Inbound Plug Definition), to be invaluable to understanding trace failures and components within a security role that allows this access. I've also found that by adding a menu button (for example Contract Management), allows change access even though all security auth objects are set to display only (i.e. there might be a RFC or program being called, or configuration that's allowing change access).

    Any who, hopefully this info helps.

    Cheers,

    Greg

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 16, 2015 at 04:12 PM


    This is an ECC 617 system, so no CRM and no special WEB UI.

    Add comment
    10|10000 characters needed characters exceeded