cancel
Showing results for 
Search instead for 
Did you mean: 

Issue with executing transaction in APO

Former Member
0 Kudos

We currently have an issue where users are missing authorizations to tcodes, where strange enough this is only fixed by removing roles from their profile.

Transaction being tested:  /sapapo/sdp94

Access to this transaction is provided by role Z:APO_DP_ENDUSER_TO.Some users with this role are able to run the tcode, while some others are getting missing authorization error.

For those users getting the error, if other roles assigned to them are being removed (keeping Z:APO_DP_ENDUSER_TO), they are able to run the same tcode without error.

Is this an issue with authorization buffering ? How can it be confirmed and resolved.

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Bala,

I will assume that the failure message your user is receiving does not contain detailed info (many of these authorization messages in SCM do have detailed solutions contained in them).

Immediately upon receiving the authorization failure, have the user execute /nsu53 in the command window.  Take the results and forward to your authorization team.

Best Regards,

DB49

Former Member
0 Kudos

Hello DB49

Thanks for your reply.

 

We had asked for SU53 report from user. Even though SU53 shows a missing authorisation, Customer wanted to know how could the users run the same transaction when number of roles assigned to them was reduced and suggested it might be Authorization buffer issue.

We raised OSS message 0000499684/2012, but SAP opinion was that its not a system bug but a Consulting issue and suggested to open a thread in SDN.

Former Member
0 Kudos

Bala,

???  You have found the missing authorization, and presumably granted it to the users who require it, and they are all now able to run the transactions.  What's the problem?

I would have thought that if the customer really wanted to know the answer, he would have engaged SAP consulting to answer his question......

Anyhow, I suggest that you will probably get more answers about authorization issues if you raise the issue in an authorization forum, such as http://scn.sap.com/community/security

Best Regards,

DB49