Skip to Content
avatar image
Former Member

Authorization Failing for a New transaction

Hello Experts,

I created a new authorization object and assigned it to a Transaction ( Report ).

The authorization object has two fields: TCODE and the OBJECT_TYPE. The issue is, when i run the transaction i get the error " You are not authorized to run the same ".

Is it because the authorization object is not assigned to my profile ( with a role ) ?

In SU53 i dont see the authorization object class assigned to my user at all. Please confirm if my understading is correct.

-> "Regenrate SAP_ALL" shall set the authorization object to generic role which is assigned to every one in the org.

-> If i dont want this, i can add this to a specifc role. Which i know is assigned to few profiles (some specfic set of people ).

Second Question is:

I have the new authorization object created in one system, which i want to use it in another system ( and assign it to a PFCG Role ).

This should be possible right?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Apr 08, 2011 at 09:54 AM

    >

    > -> "Regenrate SAP_ALL" shall set the authorization object to generic role which is assigned to every one in the org.

    I hope that this is not right. If yes then I don't understand why you bother with new object if everyone has SAP_ALL.

    Cheers

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 11, 2011 at 05:56 AM

    >

    > Is it because the authorization object is not assigned to my profile ( with a role ) ??

    Yes it could be .. But you will have to confirm the same through an SU53 or authorization trace put on your user account while running the t-code.

    When a new t-code/object is created its a done thing to include access to the same in the required user roles. If you raised the t-code for the user of say all 'Developers' on the system, take the developer role and add the t-code access into it- otherwise only the users with SAP_ALL or other very wide roles may automatcally get the access.

    >

    > -> "Regenrate SAP_ALL" shall set the authorization object to generic role which is assigned to every one in the org.

    I could not understand this part well.... what is the generic role you are pointing at?

    > >

    -> If i dont want this, i can add this to a specifc role. Which i know is assigned to few profiles (some specfic set of people ).

    that is the best method, as I explained already.

    >

    > I have the new authorization object created in one system, which i want to use it in another system ( and assign it to a PFCG Role ).

    > This should be possible right?

    Its not possible till the object is made available in the second system (through Transport or any such methods).

    Soumya

    Add comment
    10|10000 characters needed characters exceeded