Skip to Content
avatar image
Former Member

AUthorizations needed to change parameters in SU3

Gurus,

What is the authorization needed to change parameters in SU3 ?

I have them in change mode in one environment and only in display mode in another one.

Thanks for your help,

Olivier

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

7 Answers

  • Best Answer
    avatar image
    Former Member
    Nov 06, 2008 at 11:50 AM

    > What is the authorization needed to change parameters in SU3 ?

    > I have them in change mode in one environment and only in display mode in another one.

    Are any of your systems in a Central User Administration environment? If so, check the CUA settings. Maybe one environment is configured in such a way the parameters need to be maintained in the CUA master.

    I ran transaction SU3 in my MiniSAP ( SAP NetWeaver 2004s ) with a trace in the background, changed some stuff and saved, and it only checked S_TCODE. I doubt if this is an authorization issue so in my opinion you can safely ignore the list of objects posted as the second reply.

    Jurjen

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 05, 2008 at 08:09 PM

    Hi ...

    Check transaction 'SU53' after the 'SU3' authorization fail.

    This will give the list of objetct/s that are need to be in your authorization group.

    Thanks,

    Aditya. V

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 06, 2008 at 11:17 AM

    Hi Olivier,

    The following is the list of auth objects which are checked for tcode SU3 :

    B_ALE_MODL ALE: Distribution Model Maintenance

    B_ALE_RECV ALE/EDI: Receiving IDocs via RFC

    PLOG Personnel Planning

    S_ADDRESS1 Business Address Services: Address Type 1 (Org. Addresses)

    S_ADMI_FCD System Authorizations

    S_ALV_LAYO ALV Standard Layout

    S_BCSETS BC Set Authorization Object

    S_BDS_DS BC-SRV-KPR-BDS: Authorizations for Document Set

    S_BTCH_ADM Background Processing: Background Administrator

    S_BTCH_JOB Background Processing: Operations on Background Jobs

    S_C_FUNCT C calls in ABAP programs

    S_CARRID Authorization Object for Airlines

    S_CTS_ADMI Administration Functions in Change and Transport System

    S_DATASET Authorization for file access

    S_DEVELOP ABAP Workbench

    S_DOKU_AUT SE61 Documentation Maintenance Authorization

    S_FLBOOK Authorization Object for Flight Bookings (Demo)

    S_FRA_AREA Framework Registry: Area

    S_FRA_SP Framework Registry: Service Provider

    S_FRA_SPS Framework Registry: Element Type

    S_GUI Authorization for GUI activities

    S_IWB Knowledge Warehouse

    S_IWB_ADM Knowledge Warehouse: Administration

    S_OC_DOC SAPoffice: Authorization for an Activity with Documents

    S_OC_ROLE SAPoffice: Office User Attribute

    S_OC_SEND Authorization Object for Sending

    S_OLE_CALL OLE calls from ABAP programs

    S_PACKSTRU Internal SAP Use: Package Structure

    S_PRO_AUTH IMG: New authorizations for projects

    S_PROJECT Project Management: Project authorization

    S_RFC Authorization Check for RFC Access

    S_RZL_ADM CCMS: System Administration

    S_SCMG_CAS Case Management: Case

    S_SCMG_FLN Case Management: Authorization by Field

    S_SCMG_STA Case Management: Status

    S_SCMG_TXT Case Management: Text Notes

    S_SPO_DEV Spool: Device authorizations

    S_SRMGS_CT Records Management: Authorizations for Document Content

    S_SRMGS_PR Records Management: Authorizations for Attributes

    S_SRMSY_CL SAP Records Management : General Authorization Object

    S_TABU_CLI Cross-Client Table Maintenance

    S_TABU_DIS Table Maintenance (via standard tools such as SM30)

    S_TCODE Transaction Code Check at Transaction Start

    S_TRANSLAT Translation environment authorization object

    S_TRANSPRT Transport Organizer

    S_TWB Test Workbench structure maintenance

    S_USER_AGR Authorizations: Role Check

    S_USER_GRP User Master Maintenance: User Groups

    S_USER_PRO User Master Maintenance: Authorization Profile

    S_USER_SAS User Master Maintenance: System-Specific Assignments

    S_WFAR_OBJ ArchiveLink: Authorizations for access to documents

    S_WFAR_PRI SAP ArchiveLink: Authorization to Access Print Lists

    the best thing to find out which ones missing can be to run tcode SU53 or ST01 - system trace

    Best,

    Suchitra

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      >

      > S_CARRID Authorization Object for Airlines

      >

      ?<sub name>?<sub name>?<sub name>?<sub name>?<sub name>?<sub name>?<sub name>?<sub name>?<sup name>?<sup name>?<sup name>?<sup name>?<sup name>?<sup name>?<sup name>?<sup name>?<sup name>?<sup name>?<sub name>?<sub name>?<sub name>?<sub name>?<sub name>?<sub name><sub name>?<sub name><sub name>?<sub name><sub name>?<sub name><sub name>?<sub name><sub name>?<sub name><sub name>?<sub name>?<sup name><sup name>?<sup name><sup name>?<sup name><sup name>?<sup name><sup name><sup name>?<sup name><sup name><sup name>?<sup name><sup name><sup name>?<sup name><sup name><sup name>?

  • avatar image
    Former Member
    Nov 06, 2008 at 03:15 PM

    CUA system!

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 06, 2008 at 03:33 PM

    SU3 is a all or nothing transaction. You either have access to it (S_TCODE will have SU3) or you don't.

    As to why you see it in display mode in one system versus change mode in another; Jurjen's analysis is right. The most likely reason is your CUA settings allow parameter maintenance only central system. And if that really is the case, it is counter-productive.

    Think about it. SU3 is meant to allow users to be able to maintain their own parameter ID's. It's like personalization. What's the point in giving them access to tcode SU3 but maintain your CUA settings such that parameter ID's can be changed only through central system!

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 06, 2008 at 05:25 PM

    Absolutely agree on that Ashutosh!

    Thing is the client is NOT always right but he's the one to decide. Even the IT guys feel that it is a nonsense.

    You know the drill !

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hmmm.... but they will soon realize that there is potentially a lot of work involved and / or user unhappiness...

      Perhaps you could mention to them that if there are specific PIDs which they are concerned about (as these determine more than just user preferences for re-using parameters) then they should raise those concerns with SAP.

      These forums are not really intended for "bug reports", but some PID related concerns have been raised in the past, and an interesting discussion about security design (which leads to a correction) has happened before as well...

      Cheers,

      Julius

  • avatar image
    Former Member
    Aug 29, 2013 at 09:00 PM

    Many years have passed since this post was opened and something has changed.  I don't know exactly which Support Package introduced this, but now, SU3 checks S_RZL_ADM / ACTVT = 03.   I'm on SAPKB70107 and getting big dumps whenever user touches Defaults tab in SU3 if not having this auth.  FYI.  Anyone know which support pack brought this?

    Add comment
    10|10000 characters needed characters exceeded