04-20-2010 7:47 PM
Hi Experts,
There is a Custom program YCSUTS10 with a Variant YMIA_******, when user trying to change this variant, she encountered with authorization error saying no auth to change that particular variant.
I tested myself, it is the same. i checked with SU53, (SU53 shows that all authorization is correct), i checked with ST01, still no clue, recently we upgraded to ECC6, user complained that she was able to change before upgrade.
When i checked my self it said that Diagnosis You tried to change a protected variant. This can only be done by the variant's creator. But user said that she was able to change even the restricted variants too.
Can you please help in this.
Thanks
Venkat
04-20-2010 9:15 PM
> This can only be done by the variant's creator. But user said that she was able to change even the restricted variants too.
That is logical and also SAP standard.
The solutions can however be very dangerous.
a) The user goes to transaction VARCH, selects the report and removes the "Protected" flag. Then others authorized for S_PROGRAM p_action VARIANT of the authorization p_group can maintain it as well, if assigned.
b) Reset the user's password, unlock them and perform a) using b).
c) If anyone tells you to execute report RSVARENT then please read the documentation and OSS notes on the report before you do anything with it (this is the dangerous part).
Cheers,
Julius
04-20-2010 9:27 PM
Julius,
Thanks for the reply,
I tried myself using tcode VARCH, with required program and variant when executed, it says that variant is protected and doesnt allow to proceed further.
Actually user wants to remove email address associated with that particular variant, but when I tried to do the same in SE38> program name> execute with variant, it allows me to change the email address.
Is this the correct way to do. not sure, please guide.
Just an update on this, i guided the user to go thru SE38> Give Program Name> Execute with Variant> give variant> select the arrow for mutli selection and then asked user to delete the required emails in that list after deleting and tried to copy, its the same no authorization to change. Please guide me on this.
Thanks in Advance.
Venkat
Edited by: Venkateshwar Bandam on Apr 20, 2010 4:59 PM
04-21-2010 7:43 AM
If any one able to change the restricted or protected variant, that means they are the creator of the variant.
Usually access to SE38/SA38 is restricted in production for end users / even consultants. Programs need to be protected with respective authorization group. usually providing access to S_PROGRAM with all authorization groups allows users to execute any program(Most of programs do perform respective authorization checks). If its not possible to change the exisitng variant, you can copy it to new one or create a one.
Regards,
Gowrinadh
04-21-2010 10:15 AM
04-21-2010 8:07 PM
Highly unlikely, but you never know. A simple SU53 would have shown that.
More likely is that it is a customer system variant. You will need to contact basis as it is "owned" by the logical system of client '000'.
Y-namespace was originally intended as "global" for the customer.
Cheers,
Julius
Edited by: Julius Bussche on Apr 21, 2010 9:09 PM
04-22-2010 6:10 PM
Hi All,
Thanks everyone for your supporting answers.
Infact this issue was taken care by Basis team, they logged in with the id who created that Variant and unprotected it.
FYI: it was created by a Batch id.
Thanks
Venkat