Former Member

Tables for authorization

Hi

If I wish to get authorization for a particular transaction, I'd need roles added to my user id.

I added my id to the table AGR_USERS for a role. But still can't execute the transaction.

Any other things we need to do?

Pushpraj


4 Answers

  • Best Answer
    Former Member
    Mar 13, 2009 at 10:11 AM

    Hi Pushpraj,

    Execute the transaction for which you don't have authorization, then have a look at SU53 to find out what authorization object your user id doesn't have, and add the same to your user id in SU01.

    Thanks.


    • Former Member Pushpraj Singh

      Hi,

      Run SU53 to display the result of the last failed authorization. It is important to run SU53 immediately after the failed authorization check, as only the last object that failed the authorization check is saved.

      You can run a trace using ST01 to further analyze the error.

      Security Tables

      | Table | Description |
      |---|---|
      | USR02 | Logon data |
      | USR04 | User master authorization (one row per user) |
      | UST04 | User profiles (multiple rows per user) |
      | USR10 | Authorisation profiles (i.e. &_SAP_ALL) |
      | UST10C | Composite profiles (i.e. profile has sub profile) |
      | USR11 | Text for authorisation profiles |
      | USR12 | Authorisation values |
      | USR13 | Short text for authorisation |
      | USR40 | Table for illegal passwords |
      | USGRP | User groups |
      | USGRPT | Text table for USGRP |
      | USH02 | Change history for logon data |
      | USR01 | User Master (runtime data) |
      | USER_ADDR | Address Data for users |
      | AGR_1016 | Name of the activity group profile |
      | AGR_1016B | Name of the activity group profile |
      | AGR_1250 | Authorization data for the activity group |
      | AGR_1251 | Authorization data for the activity group |
      | AGR_1252 | Organizational elements for authorizations |
      | AGR_AGRS | Roles in Composite Roles |
      | AGR_DEFINE | Role definition |
      | AGR_HIER2 | Menu structure information - Customer vers |
      | AGR_HIERT | Role menu texts |
      | AGR_OBJ | Assignment of Menu Nodes to Role |
      | AGR_PROF | Profile name for role |
      | AGR_TCDTXT | Assignment of roles to Tcodes |
      | AGR_TEXTS | File Structure for Hierarchical Menu - Cus |
      | AGR_TIME | Time Stamp for Role: Including profile |
      | AGR_USERS | Assignment of roles to users |
      | USOBT | Relation transaction to authorization object (SAP) |
      | USOBT_C | Relation Transaction to Auth. Object (Customer) |
      | USOBX | Check table for table USOBT |
      | USOBXFLAGS | Temporary table for storing USOBX/T* chang |
      | USOBX_C | Check Table for Table USOBT_C |

      As you said, you are going to contact the Basis people. Rather than contacting the Basis people, please contact the security people; they will provide you the required authorization.

      If you don't have SU01 and you need to check the roles, go to SU01D (it contains only display authorization).

      Regards

      Sreedhar Reddy
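
Why a row in AGR_USERS alone grants nothing, as an added example (not code from this thread or from SAP): the authorization check reads the profiles in the user master (UST04), and the role's generated profile (AGR_1016) only gets there through role maintenance and user comparison. The sketch loads constructed rows into an in-memory SQLite database and lists role assignments with no matching profile, a read-only audit for hand-edited or uncompared assignments; the reduced column sets and the role, user and profile names are assumptions.

```python
import sqlite3

# Reduced column sets for the three SAP tables named in the thread (assumption:
# only the key columns needed for the join are modelled here).
SCHEMA = """
CREATE TABLE AGR_USERS (MANDT TEXT, AGR_NAME TEXT, UNAME TEXT, FROM_DAT TEXT, TO_DAT TEXT);
CREATE TABLE AGR_1016  (MANDT TEXT, AGR_NAME TEXT, COUNTER INTEGER, PROFILE TEXT);
CREATE TABLE UST04     (MANDT TEXT, BNAME TEXT, PROFILE TEXT);
"""
# Constructed sample rows: BOB has a role assignment but no profile in UST04,
# CAROL's assignment expired at the end of 2008.
ROWS = {
    "AGR_USERS": [("100", "Z_FI_CLERK", "ALICE", "20090101", "99991231"),
                  ("100", "Z_FI_CLERK", "BOB", "20090313", "99991231"),
                  ("100", "Z_OLD_ROLE", "CAROL", "20080101", "20081231")],
    "AGR_1016": [("100", "Z_FI_CLERK", 1, "T-FI000101"),
                 ("100", "Z_OLD_ROLE", 1, "T-OLD00101")],
    "UST04": [("100", "ALICE", "T-FI000101")],
}

# Role assignment -> generated profile -> user master; keep rows where the last hop is missing.
QUERY = """
SELECT u.UNAME, u.AGR_NAME, p.PROFILE
FROM AGR_USERS u
JOIN AGR_1016 p ON p.MANDT = u.MANDT AND p.AGR_NAME = u.AGR_NAME
LEFT JOIN UST04 m ON m.MANDT = u.MANDT AND m.BNAME = u.UNAME AND m.PROFILE = p.PROFILE
WHERE u.MANDT = ? AND ? BETWEEN u.FROM_DAT AND u.TO_DAT AND m.PROFILE IS NULL
ORDER BY u.UNAME, u.AGR_NAME
"""

def load_sample():
    """Build the in-memory database from the constructed rows above."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return db

def unbacked_assignments(db, client, today):
    """Role assignments valid on `today` (YYYYMMDD) with no matching profile in UST04."""
    return db.execute(QUERY, (client, today)).fetchall()

if __name__ == "__main__":
    for uname, role, profile in unbacked_assignments(load_sample(), "100", "20090313"):
        print(f"{uname}: role {role} assigned, profile {profile} missing from UST04")
```
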

  • Mar 13, 2009 at 09:57 AM

    Hi,

    Instead of adding the record to the table, use this FM.

    ISAI_USER_ROLES_MAINTAIN

    There might be some other tables which need to be updated.

    Thanks,

    Vinod.


  • Former Member
    Mar 13, 2009 at 10:01 AM

    Hi

    Along with the table AGR_USERS and the respective FM ISAI_USER_ROLES_MAINTAIN, can you check the table TPGP also?

    Regards,

    Sreeram Kumar.Madisetty

    Edited by: Sreeram Kumar Madisetty on Mar 13, 2009 11:06 AM


  • Former Member
    Mar 13, 2009 at 11:16 AM

    Moved to the security forum...

    As you have experienced, your guesswork about which table to update is not working. I agree with the others that you are going to make a mess of it and possibly get yourself fired.

    The correct approach is to get yourself the correct access - even if it does take a little bit longer and you might want to consider tweaking your processes a bit to make it faster...

    Cheers,

    Julius
