02-26-2009 8:45 AM
Hello,
I have a problem.
Is there a way to restrict in a Role to not see the graphic model in the Tcode SWDD?
I have in a client that they have several roles and one of them has the acces to the SWDD, but they can't see the Graphic model option.
The have in a role the object S_TCODE = swdd, but nothing. I have in my ECC a role with only that Tcode and I see the graphic model.
Can someone help me please?
Thank in in advance...
Pablo Mortera.
02-27-2009 8:21 PM
Hi Pablo,
As Julius already told,When a user is having a access and other is not, You can compare the users with SUIM. If you are comparing with your own user id, it is possible that you might be a super user and see those graphics. Best way is ask for SU53 screen shot from the user who is facing this problem and assign those authorizations objects and field values in his assigned profile and look for the next missing authorization object. This process continues till you solve the problem in this case see the graphical model.
02-26-2009 6:06 PM
Hi Pablo,
Could you please check out whether the auth. obj S_DATASET is active or inactive in the role providing access to SWDD.If it is inactive then plz make it active and chk.
Thx,
Saby..
02-26-2009 9:24 PM
It does not have to be in the same role... but ideally an instance of the correct authority to use a transaction should be in the same role as the authority to start it.
Cheers,
Julius
02-27-2009 1:04 PM
02-27-2009 12:12 PM
You may find it useful to run an ST01 trace on a user which has the graphical view working?
That way you will ee which authorisations are actually called in the process of using the Workflow builder!
Additionally, if someone already has access, try a user comparison in SUIM to see if any of the values are different.
Simon
02-27-2009 1:04 PM
Hello,
The Tcode ST01 didn't appear anything abnormal.
Best Regards.
Pablo Mortera
02-27-2009 8:21 PM
Hi Pablo,
As Julius already told,When a user is having a access and other is not, You can compare the users with SUIM. If you are comparing with your own user id, it is possible that you might be a super user and see those graphics. Best way is ask for SU53 screen shot from the user who is facing this problem and assign those authorizations objects and field values in his assigned profile and look for the next missing authorization object. This process continues till you solve the problem in this case see the graphical model.
02-27-2009 10:29 PM
> Best way is ask for SU53 screen shot from the user who is facing this problem and assign those authorizations objects and field values in his assigned profile and look for the next missing authorization object. This process continues till you solve the problem in this case see the graphical model.
That comes closer to the worst way than the best way, but in some cases it does work.
Cheers,
Julius
02-28-2009 12:10 AM
Hello,
The problem is that the one that are comparing more or less has a SAP_ALL.
The Tcode SU53 doesn't appear anything.
I don't know what to look for.
Best Regards.
Pablo M.
02-28-2009 12:25 AM
When strange things like this happen, your best route for a port-of-first-call is to contact a functional person in the area or key user (a.k.a. "Guru") to ask about config.
Most of the time, it is some config stuff. But if it works for one user and not for another in the same client... then it is often some bname/ uname feature.
Set a watch-point on the bname of the user who can see the graphics, and check whether anything turns up? Or scan it for "if sy-uname" and "if syst-uname" including PBO / PAI modules...
Cheers,
Julius
03-02-2009 5:42 AM