SU53 gave me V_VBAK_VKO to be checked.

While ST01 gave me this st01.png
I'm not sure what to check in ST01.

Hello trisno.s

Are you comparing (debugging) both systems in development environment? Did you check if user in both systems has the same roles assigned? Are the roles defined in the same way?

I debug both systems in QA environment since our development server doesn't have proper roles. The two roles have different names and different authorization (like Sales Org, Document Type, etc) since both are for different company, but the roles have same function of sales admin.

Have you checked other roles and profiles too?

As an example, on one system user you're testing on may have a SAPALL assigned, thus having authorizations for everything.

Kind regards,
Mateusz

The authorization object for Z_KONH_KLS, is set on Z*SALES*ADMIN role, there's no other role contains Z_KONH_KLS assigned to the two user IDs except the Z*SALES*ADMIN role.

In both servers, the roles have their own names, both function as sales admin role.

I've checked their profile as well, there's no SAP_ALL profile on both user IDs.

Perhaps there is other code/syntax to be used in the SAP ERP Central Component 5.0 version of server?

So that to ease the reading of your question, here it is again with your screenshots made visible:

• We made a custom authorization object of Z_KONH_KLS, to control which values of condition types the users can see based on the pricing procedure name (KALSM) and step number (STUNR). So, if user viewed a Sales Order document that has different pricing procedure set in the authorization object, all values of condition types won't appear; or if both pricing procedure in authorization object and SO are the same, the user can only view the values until step number set in the authorization object.
• We've been using this method in one of our server (4.6C version) for years.
• One of the users asked to bring the same method to the other server (SAP ERP Central Component 5.0 version). However, when we debug the new code brought from 4.6C version, the sy-subrc always returns 0.
• These are the roles:
• 4.6C version

  

• SAP ERP Central Component 5.0 version

  

To be followed...

(continued)

• The pricing procedure used in both servers have different names, but same content. Step 174 and beyond, we use it for VPRS, which we don't want user to see the value.
• Here's the debug result - left is 4.6C version, right is SAP ERP Central Component 5.0 version

  

• In SAP ERP Central Component 5.0 version of server, no matter what KALSM I give, it always returns sy-subrc = 0.
• Can anyone help what is the cause why it always returns sy-subrc = 0 and how to fix it, despite the same code has been used in other server for years without problem?

+ These comments:

• Can you do a SU53 or a ST01 authorization log trace ?
• SU53 gave me V_VBAK_VKO to be checked.
• While ST01 gave me [all authorization checks Z_KONH_KLS successful]

  

• Are you comparing (debugging) both systems in development environment? Did you check if user in both systems has the same roles assigned? Are the roles defined in the same way?
• I debug both systems in QA environment since our development server doesn't have proper roles. The two roles have different names and different authorization (like Sales Org, Document Type, etc) since both are for different company, but the roles have same function of sales admin.
• Have you checked other roles and profiles too? As an example, on one system user you're testing on may have a SAPALL assigned, thus having authorizations for everything.
• The authorization object for Z_KONH_KLS, is set on Z*SALES*ADMIN role, there's no other role contains Z_KONH_KLS assigned to the two user IDs except the Z*SALES*ADMIN role.
• In both servers, the roles have their own names, both function as sales admin role.
  I've checked their profile as well, there's no SAP_ALL profile on both user IDs.
  Perhaps there is other code/syntax to be used in the SAP ERP Central Component 5.0 version of server?

What does SU56 show for your test users? By examining the user buffer you can see which authorizations they really have and through which role/profile they get them.

A bit more of a long shot: What are the SU24 settngs for VA03 and your custom object?

What is the SAP_BASIS release of the newer system (and what is the kernel release)?
Is the authority check taking place during update processing? (including local update)

As Mateusz Adamus suggested about checking roles, I did more thorough checking and found out that the mentioned object has been assigned by other team with different role to the user ID I tested. This different role is the cause why SY-SUBRC always returns 0.