cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deletion is working even after removing the 06 activity from the authorization object.

Go to solution
former_member456265
Discoverer

on ‎05-18-2017 1:10 PM

0 Kudos

Hi there,

We were trying to restrict user access to create and change attachments in QC52 but not to delete, for this we removed 06 activity from all the roles that are in the authorization object C_DRAD_OBJ from PFCG. But even after this users are able to delete the attachments in QC52.

Quick help is appreciated

Show replies
Show replies
jurjen_heeck
Active Contributor
‎05-19-2017 7:15 AM

Best starting point on issues like this one is to run an authorization trace and check which objects and values are actually checked for an action. If you find RC=0 output for objects/field values which aren't in the users' roles/profiles you can also check SU24 to see if any checks have been disabled for transaction QC52.

former_member456265
Discoverer
‎05-19-2017 11:28 AM
0 Kudos

Actually User has access for QC52 If he go to certificate and then attachment list...from there user is able to delete the attachment.

But we revoked the activity 06 from Authorization Object : C_DRAD_OBJ still its allowing user to delete the attachment.

Answer

Accepted Solutions (1)

Accepted Solutions (1)

jurjen_heeck
Active Contributor
‎05-19-2017 11:52 AM
0 Kudos

Yes, that is what you wrote earlier. Now try this with an authorization trace (ST01 or STAUTHTRACE) and see which objects and field values are actually checked when you delete an attachment.

Show replies
Show replies
former_member456265
Discoverer
‎05-19-2017 12:46 PM
0 Kudos

Hi Jurjen, Thanks for the help, we will try with the authorization trace and come to you 🙂

Answers (0)

Ask a Question