Skip to Content
-1

Authorization object returns different subrc

Jul 25, 2017 at 01:21 PM

69

avatar image
Former Member

Hi All,

We have created a custom authorization object. Authorization check fails in Production system but it passes in Testing system.

Production: Passing GB and blank value. SUBRC value returned is 12.

Staging system: Passing GB and blank value. SUBRC value returned is 0.

Authorization object :

No changes were made for these objects. All data is same in both systems.

Any help is really appreciated.

Thanks in advance,

Veena

ydp.jpg (79.9 kB)
ydq.jpg (79.8 kB)
capture.jpg (50.6 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Rashid Javed Jul 25, 2017 at 01:33 PM
1

That means you have the relevant role in testing system but not in Production environment!

Your authorization guy should be able to tell this ZCUSTGROUP object is used in which roles.

Show 4 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Roles are same in both systems.

0

Wow! I think that is not possible.

Authority-check return 12 when the object is not found in user master record.

Following is from documentation of authority-check

12 No authorization was found for the authorization object in the user master record.

So now there are two possibilities.

1: Roles are assigned in production system but user comparison is not done. If think transaction PFCG can verify that.

2: in testing system the user has some additional role that is satisfying the authority-check criteria.

0

Our answers are essentially the same - we must have posted at the same time. :-)

0

I must say yours is more elaborate. I was just stuck into roles and authority-object :-)

1
Matthew Billingham
Jul 25, 2017 at 01:56 PM
0

"All data is same in both systems." Bet you it isn't. It's very simple. One or more of these applies:

1. The code is different

2. The authorisation object is different

3. The role is different

4. The user is different.

There are no other possibilities I can think of. Have you searched for authority-check return code 12? Perhaps the user's buffer needs updating (if everything else is the same).

Share
10 |10000 characters needed characters left characters exceeded
Bernhard H.
Aug 03, 2017 at 10:04 AM
0

try using st01,stauthtrace..... you probably will find a reason (....su24 check flag)

Profile generated?

authorization available in ust12?

authroization available in usrbf2?

brgds,Bernhard

Share
10 |10000 characters needed characters left characters exceeded