on 08-27-2014 9:30 AM
Hello Experts,
I faced a issue recently where I am not able to include any more UIU_comp authorizations. The error that pop up is "All authorizations beyond the maximum number are ignored" . Is there a way where we can increase the limit of authorization objects in a given PFCG?
Thanks!
Neha
Hi Neha,
This problem usually happens due to bad role design. The error message
description is most likely the following:
"...
Message no. 5@026
Diagnosis
The maximum number of 100 authorizations per object was exceeded.
System Response
All authorizations beyond the maximum number are ignored.
Procedure
Additional authorizations can only be included if you first delete a
corresponding number of existing authorizations. Note that deleting
authorizations with the status "Standard" or "Maintained" can lead to
the inclusion of new default authorizations at the next merging of the
authorization data. Avoid the maintenance associated with this by
removing only changed or manual authorizations.
..."
Probably you have a role that has among other authorization objects,
more than 100 occurrances for authorization object UIU_COMP. This is
more than the recommended, as the system limit of 100. You can confirm
that by selecting the role in question and reviewing this object in
table AGR_1251.
So, in order to overcome the problem, all you have to do is to
approach your Security expert and ask for a redesign on this role. It
will be most likely needed to split your authorization data in more
than one role, to avoid trespassing the expected limit.
==================================================
Hoping that above is helpful.
Best regards - Christophe
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Christophe,
Thanks for your reply. The reason for this UIU_COMP exceeding is not duplication of certain component, but the role is master role and has lot of UIU_COMP ( logical links assigned to it)
Nonetheless the last point which you said about spliting the authorization data is already done. I was looking for a solution where in the same PFCG role I can accommodate the authorization object.
Thanks again
Neha Gupta
User | Count |
---|---|
8 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.