Skip to Content
author's profile photo Former Member
Former Member

Authorisation Check failed. Misunderstanding.

Hello, we design nonstandard roles conception in our company. The essence of this conception - we create organisation roles which contain organization levels defined only and functional roles which contain the specific user transactions. Then we assign two roles to user.

There is a special moment. The ACTIVITY field of Org. authorisation object is assigned in functional role only. In Org. role this field is left unsigned.

For example. We want to create Sales Order.

1) For this, we create Org. role which contains Authorization object: V_VBAK_VKO. We fill all necessary auth. fields of V_VBAK_VKO. The activity field we leave empty.

2) Then we create functional role which contains transaction VA01. We fill the activity field of V_VBAK_VKO only (01-create order value). Other fields of V_VBAK_VKO we leave as unsigned (certainly don't forget to add V_VBAK_AAT).

But this approach DOES NOT work. When we try to create sales order the system reports the user have NO authorization for maintaining sales documents. The system states we need to assign V_VBAK_VKO authorization to the user.

If we fill all authorization fields of V_VBAK_VKO objects including activity field in Org. role(or func. role) all works fine.

Tell me why it happens. Why the authorisation fields value of the same authorization objects of two roles are not summarized???

Thank you very much.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Feb 01, 2012 at 12:08 PM

    So, if you are right then we have to define functional activity in Org. role!

    it seems to me this scenario simply makes no sense of Org. roles.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      So, if you are right then we have to define functional activity in Org. role!

      > it seems to me this scenario simply makes no sense of Org. roles.

      Exactly! Who gave you the impression that this would work??

      It looks nice in PowerPoint sometimes but does not work and sooner or later (mostly sooner) created a big mess...

      Cheers,

      Julius

  • author's profile photo Former Member
    Former Member
    Posted on Feb 01, 2012 at 11:36 AM

    How you got this idea of creating roles without giving activities in Org role?

    Anyone told or seen in any site?

    In both the roles Org role and in Fun role maintain all the fields, In org role activity and org level ,In func role give activity and in org field put xxxx ,otherwise it wont work

    You cannot change the way sap checks authorizations

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Feb 01, 2012 at 11:57 AM

    Hi,

    The reason why it doesn't work as you expected is

    when you are creating a functional role and not maintianing org field over there you are creating one authorization and similarly in org role you are maintaining only org values in this case you are creating another authorization as mentioned below.

    ACTVT - 01 & Sales ORG - " " -


    Auth 1

    ACTVT - " " & Sales ORG - "1000" -


    Auth 2

    In SAP Users are checked against authorizations, not on induvidual authorization fields

    Hope this helps

    Regards,

    Rakesh

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Feb 02, 2012 at 10:10 AM

    I'm very grateful to all for useful comments.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.