Skip to Content
avatar image
Former Member

Authorization issue in ME5A

Hi All,

We are facing a possible authorization issue in t-code ME5A. The user is not able to display the report in ME5A for a plant XYZ and ABC.

However, the IT user who has ' * ' access is able to display the report. When checked, the auth object M_BANF_EKO (Org value of Purchase org) is maintained as '*' the report is getting displayed. But the plant XYZ is assigned only to ABC and when the corresponding role containing Plant ABC and XYZ is assigned, the report is not being displayed.

My question is why the program or tcode ME5A is checking for ' * ' value and how to resolve this issue.

Any help is highly appreciated.

PS: ST01 or STAUTHTRACE is not capturing any authorization errors.


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Aug 17, 2017 at 11:37 AM

    Hi Sandeep

    Asterisk might be the first check and if that fails it then loops through each configured value to see what the user is authorised to view

    Instead of putting asterisk in a user, try to build a temporary role which lists all plan values as well as the dummy value (two single quotations) and then run the trace. It may be that some items have a purchasing org and no plant so it needs dummy value to work (can't remember if this applies to ME5A but I've see it with ME3* transactions for contracts/outline agreements)

    Within STAUTHTRACE, where the asterisk appears with RC=0 - you can try to drill into the code and see how the authority check is coded. You will see if asterisk has been hard coded and users must have it.

    Finally, consider the original selection criteria that the user entered to see if that has blanks.



    Add comment
    10|10000 characters needed characters exceeded