Skip to Content
avatar image
Former Member

SU01 and PFCG

Hello All,

I have been trying to add a role to a user through SU01 and as well add a user to a role using pfcg, the system says that i am not authorised to perform this action.

Please guide what needs to be done.

Look forward for a quick response as i need to respond to the client

Thanks

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Dec 11, 2008 at 07:09 AM

    Hi Vani,

    This is simply authorization problem. Your User ID doesnt have sufficient authorization. Run this action again and go immediately to the SU53 and get a screen shot of the authorization failed.

    Send this to Basis / Security guy and ask them to assign you the required authorization.

    Regards,

    Sabita

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Vani,

      If the SU53 also, doesnt resolve your issue in one time, then you can directly use the trace analysis for authorization.

      Regards,

      Hersh.

  • avatar image
    Former Member
    Dec 11, 2008 at 11:32 AM

    Thanks to Sabita and Hersh for the answers, Can you please specify how to undertake a trace analysis?

    This will help me advicing the client for the issue

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Dear Vani,

      Visit [Analyzing Authorization Checks|http://help.sap.com/saphelp_nw70/helpdata/en/52/6716b3439b11d1896f0000e8322d00/content.htm]

      If you do not know the required authorizations for a transaction, you can use the system trace or the authorization error analysis to determine them.

      -System Trace

      You can use the system trace function (transaction ST01) to record authorization checks in your own and in external sessions, if the trace and the transaction to be traced are running on the same application server. The trace records each authorization object that is tested, along with the objectu2019s fields and the values tested.

      -Authorization error analysis

      You can use transaction SU53to analyze an access-denied error in your system that just occurred. It displays the last failed authorization check, the useru2019s authorizations, and the failed HR authorization check.

      You can also refer the standard template "SAP_ADM_US".

      Authorization object "S_USER_SAS" is checked in transactions PFCG and SU01 when you assign roles, profiles, and systems to users.

      Regards,

      Naveen