05-19-2016 11:55 AM
Hello Experts,
I have two queries related to Security:
1) I have a scenario where under SU53 screen shot, under S_Develop Auth Obj., I can find 5 fields as
(Missing Authorization)
ACTVT : 03
DEVCLASS: <Dummy>
OBJNAME: <Dummy>
OBJTYPE: DEBUG
P_GROUP: <Dummy>
When I checked the specific Authorization object under specific Role, I found entries as below:
ACTVT : 03
DEVCLASS: CRM*
OBJNAME: CRM*
OBJTYPE: WAPA
P_GROUP: *
Now, what are my options here to fix this issue? I need to add the DEBUG object type. If I add it, I need to delete the existing one, and if I just add it without deleting the existing one, the ACTVT field will become the same for object types DEBUG and WAPA. What if I don't want to play with the current OBJTYPE and just add the OBJTYPE DEBUG and its ACTVT? Please suggest.
2) I see that there are roles which exist only in the ECC system, not in CRM. However, when we are not able to use a specific transaction in CRM, we make those changes in the ECC system. My concern here: a role is functioning fine in the ECC system, but when trying the same thing from the CRM system (the user is there in both systems), it won't work. What could be the cause?
Regards
Piyush
05-19-2016 12:30 PM
Hi Piyush,
1) Please share more details on what tcode the user is using and getting the issue with. Sometimes S_DEVELOP missing access comes up when the user does not have a specific authorization and the system tries to move to debug mode, but this might not really be an issue.
Because SU53 gives the last failed auth. check, you may try to do a trace analysis (ST01) to confirm the exact error.
2) CRM talks to ECC via RFC call; do one thing:
Set up a trace on all servers of ECC & CRM for the user you are facing the issue with; you will get exact results on when and where it is failing, and whether it is an issue with ECC roles or with CRM roles.
Please try out these options and let me know.
Regards,
Satyajit
05-24-2016 6:31 AM
Your SU53 is a misleading check unless you are actually trying to debug the code.
Do not give DEBUG out in production.
Do not give SU53 access out just because it appears as a failure. Misleading checks happen a lot - they are deliberately meant to fail, and granting the access will not fix the underlying cause. You need to validate and analyse the SU53 error in the context of the issue the user is facing to determine if it is relevant.
If you have an issue, run STAUTHTRACE and check for other errors.
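The field evaluation behind question 1, modelled as an added example that is not part of any post in this thread: a check passes only when a single authorization of the object covers every checked field, so values merged into one S_DEVELOP authorization combine across OBJTYPE and ACTVT. The two role variants, the later widening of ACTVT to 02 (change) and all helper names are constructed assumptions; this is a Python model, not SAP code.

```python
DUMMY = None  # field the check does not evaluate (SU53 shows it as <Dummy>)

def value_ok(allowed, checked):
    """Pass if an allowed value equals the checked one or is a trailing-* pattern covering it."""
    return any(a == checked or (a.endswith("*") and checked.startswith(a[:-1]))
               for a in allowed)

def check(authorizations, request):
    """Pass only if ONE authorization covers every non-DUMMY field of the request."""
    return any(
        all(v is DUMMY or value_ok(auth[f], v) for f, v in request.items())
        for auth in authorizations
    )

def request(objtype, actvt):
    """Check shaped like the SU53 output in question 1: only OBJTYPE and ACTVT are evaluated."""
    return {"ACTVT": actvt, "DEVCLASS": DUMMY, "OBJNAME": DUMMY,
            "OBJTYPE": objtype, "P_GROUP": DUMMY}

# Authorization in the role, as posted in question 1.
WAPA = {"ACTVT": ["03"], "DEVCLASS": ["CRM*"], "OBJNAME": ["CRM*"],
        "OBJTYPE": ["WAPA"], "P_GROUP": ["*"]}

# Constructed variant A: DEBUG merged into the same authorization, and ACTVT
# later widened to 02 (change) with only WAPA in mind.
MERGED = [dict(WAPA, OBJTYPE=["WAPA", "DEBUG"], ACTVT=["02", "03"])]

# Constructed variant B: the same widening for WAPA, with DEBUG kept in a
# second authorization of the same object that has its own ACTVT.
SEPARATE = [dict(WAPA, ACTVT=["02", "03"]),
            dict(WAPA, OBJTYPE=["DEBUG"], ACTVT=["03"])]

def summary():
    """Outcome of each check against each role variant."""
    return {
        "posted role, DEBUG/03": check([WAPA], request("DEBUG", "03")),
        "merged, DEBUG/03": check(MERGED, request("DEBUG", "03")),
        "merged, DEBUG/02": check(MERGED, request("DEBUG", "02")),
        "separate, DEBUG/03": check(SEPARATE, request("DEBUG", "03")),
        "separate, DEBUG/02": check(SEPARATE, request("DEBUG", "02")),
        "separate, WAPA/02": check(SEPARATE, request("WAPA", "02")),
    }

if __name__ == "__main__":
    for case, passed in summary().items():
        print(f"{case:24} {'pass' if passed else 'FAIL'}")
```

In the merged variant the DEBUG check with activity 02 passes although nobody granted it deliberately; in the separate variant it fails while the WAPA change still passes.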
05-24-2016 1:10 PM
Piyush,
When you have two issues, please raise two discussion threads. Only one response can be marked as Correct.
Gretchen
06-07-2016 11:02 AM