Skip to Content
author's profile photo Former Member
Former Member

Authorization check for F_BL_BANK

Dear all,

All this while my users don't have problem with their roles until recently they hit problem with authorization check on the object F_BL_BANK. This object is not available in their roles.

My question

a.) what could have been configured to start the authorization check on this object ? how do i check ?

Comment and advice will be appreciated.

Thanks.

Regards,

Kent

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Sep 04, 2009 at 09:29 AM

    Kent,

    authorization checks are usually done via ABAP coding (statement "AUTHORITY-CHECK"). You can find them by searching the ABAP code. Reports available to do that are RSABAPSC (only searches for ABAP command) and RPR_ABAP_SOURCE_SCAN (search for string).

    There are also some checks that are hard coded in the SAP kernel. But those usually relate to S* objects.

    Another option could be that the auth check was deactivated in SU24 in the past but has been activated recently. But note: activation is only relevant if the auth check is available in the program code of the associated transaction.

    Hope that helps.

    Regards

    Petra

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      > RPR_ABAP_SOURCE_SCAN (search for string).

      In higher releases this is now RS_ABAP_SOURCE_SCAN.

      The fastest way to find such suprises if you don't know what changed, is IMO to activate an ST01 authorization trace. Double-click on the entry for the object and then in the top left corner there is a "Jump to source" function, which will show you the location of the AUTHORITY-CHECK.

      Check what has changed in that object or what the coding immediately prior to check being performed is dependent on.

      Cheers,

      Julius

  • author's profile photo Former Member
    Former Member
    Posted on Sep 04, 2009 at 06:00 PM

    Hi Kent,

    It is very possible that this object was activated in SU24 from "Not check" to "Check." Can you have someone checked if this is the same situation in DEV? If yes, you can either go back and set the auth object as "as not check" and transport it across, or maintain the newly checked object for all roles.

    You can also check the object F_BL_BANK in the tranport objects by taking the following steps;

    SE03 <SELECT "SEARCH FOR OBJECTS IN REQUESTS/TASKS<SELECT AN OBJECT AND ENTER SUSO, press enter and insert the auth object being searched. That will give you the transport request where that object was included and the name of the user who did it.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Yes, that is another (more likely, actually) possibility, if the check was previously "No Check" in SU24.

      Cheers,

      Julius

      ps: If you would like to have your display name changed, you can send a mail to sdn (at) sap (dot) com 😊

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.