Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SU01 and PFCG

Former Member

‎12-11-2008 6:32 AM

0 Kudos

Hello All,

I have been trying to add a role to a user through SU01 and as well add a user to a role using pfcg, the system says that i am not authorised to perform this action.

Please guide what needs to be done.

Look forward for a quick response as i need to respond to the client

Thanks

5 REPLIES 5

Former Member

‎12-11-2008 7:09 AM

0 Kudos

Hi Vani,

This is simply authorization problem. Your User ID doesnt have sufficient authorization. Run this action again and go immediately to the SU53 and get a screen shot of the authorization failed.

Send this to Basis / Security guy and ask them to assign you the required authorization.

Regards,

Sabita

Former Member
In response to Former Member

‎12-11-2008 11:19 AM

0 Kudos

Hello Vani,

If the SU53 also, doesnt resolve your issue in one time, then you can directly use the trace analysis for authorization.

Regards,

Hersh.

Former Member

‎12-11-2008 11:32 AM

0 Kudos

Thanks to Sabita and Hersh for the answers, Can you please specify how to undertake a trace analysis?

This will help me advicing the client for the issue

Former Member
In response to Former Member

‎12-11-2008 12:26 PM

0 Kudos

Dear Vani,

for trace analysis, you need to have authorization of ST01. Go to ST01 - select Authrization check and click trace on.

Run transaction and action you are getting error into.

Goto st01, click trace off.

Goto Analysis -

Check details and ask basis/security team to help.

I hope Su53 details will help basis/security guys to check and provide neccessary authorizations.

Regards,

Sabita

Former Member
In response to Former Member

‎12-12-2008 11:43 AM

0 Kudos

Dear Vani,

Visit [Analyzing Authorization Checks|http://help.sap.com/saphelp_nw70/helpdata/en/52/6716b3439b11d1896f0000e8322d00/content.htm]

If you do not know the required authorizations for a transaction, you can use the system trace or the authorization error analysis to determine them.

-System Trace

You can use the system trace function (transaction ST01) to record authorization checks in your own and in external sessions, if the trace and the transaction to be traced are running on the same application server. The trace records each authorization object that is tested, along with the objectu2019s fields and the values tested.

-Authorization error analysis

You can use transaction SU53to analyze an access-denied error in your system that just occurred. It displays the last failed authorization check, the useru2019s authorizations, and the failed HR authorization check.

You can also refer the standard template "SAP_ADM_US".

Authorization object "S_USER_SAS" is checked in transactions PFCG and SU01 when you assign roles, profiles, and systems to users.

Regards,

Naveen