Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Missing authorization and CRM-ECC role issue

Former Member
0 Kudos

Hello Experts,

I have two queries related to Security:

1) I have a scenario where under SU53  screen shot, under S_Develop Auth Obj., I can find 5 fields as

(Missing Authorization)

ACTVT : 03

DEVCLASS: <Dummy>

OBJNAME: <Dummy>

OBJTYPE: DEBUG

P_GROUP:<Dummy>

When I checked the specific Authorization object under specific Role, I found entries as below:

ACTVT : 03

DEVCLASS: CRM*

OBJNAME: CRM*

OBJTYPE: WAPA

P_GROUP: *

Now, what are my options here to fix this issue. I need to add DEBUG Object type, if I add I need to delete the existing one and if I just add without deleting the existing one, the ACTVT field will become same for Object type DEBUG and WAPA. What if I don't want to play with current OBJTYPE type and just add the OBJTYPE DEBUG and its ACTVT? Please suggest.

2) I see that there are roles which are only there in ECC system, not there in CRM. However when we are not able to use a specific transaction in CRM, we make those changes in ECC system. My concern here, if a role is functioning fine in ECC system but when trying the same thing from CRM system(User is there in both systems), it won't work. What could be cause?

Regards

Piyush

4 REPLIES 4

Former Member
0 Kudos

Hi Piyush,

1) Please share more details on what tcode user is using and getting issue. sometimes S_DEVELOP missing access comes up when user do not have specific authorization and system tries to move to debug mode but this might not be a really issue.

because SU53 gives last failed auth. check, you may try to do trace analysis (ST01) to confirm exact error.

2) CRM talks to ECC via RFC call  , do one thing:

setup trace on all servers of ECC & CRM for the user u are facing issue, you will get exact results when and where it is failing. is it issue with ECC roles or with CRM roles.

Please try out these options and let me know.

Regards,

Satyajit

Colleen
Advisor
Advisor
0 Kudos

your SU53 is a misleading check unless you are actually trying to debug the code

Do not give DEBUG out in production

Do not give SU53 access out just because it appears as a failure. Misleading checks happen a lot - they are deliberately meant to fail and granting the access will not fix underlying cause. You need to validate and analyse SU53 error in the context of the issue the user is facing to determine if it is relevant.

If you have an issue, run STAUTHTRACE and check for other error

Former Member
0 Kudos

Piyush,

When you have two issues, please raise two discussion threads. Only one response can be marked as Correct.

Gretchen

0 Kudos

Okay Gretchen. Will make a note of it

Regards

Piyush