- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
S_DEVELOP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2008 2:11 PM
I run ME31K with a developers role. I get a short dump, I go to SU53 and have an auth error that caused it on an SD object. This is fine.
I remove the developers role. Run the same tcode, get the same short dump but now when I go to Su53, I do not see the real auth error, I now see an auth error on 'S_DEVELOP ' and object debug.
any idea on where this would come from. the user obviously does not have a developers role and should not, the tcode ME31K also does not check for this. So , where is the auth error coming from ?
- SAP Managed Tags:
- ABAP Development,
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2008 3:41 PM
go to transaction SU24 and check which objects are marked C/M on transaction ME31K. i'd be very surprised if there was any SD-object to that transaction except for
V_KOND_VEA
V_KONH_VKS
as for the error. run transaction ST01 with 'autority-check' flagged for the user in question (make sure you run the trace on the same instance the user is logged on to - in case of more than one application server). check the trace. have a special look at all objects with a return-code > 0.
- SAP Managed Tags:
- ABAP Development,
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2008 3:41 PM
go to transaction SU24 and check which objects are marked C/M on transaction ME31K. i'd be very surprised if there was any SD-object to that transaction except for
V_KOND_VEA
V_KONH_VKS
as for the error. run transaction ST01 with 'autority-check' flagged for the user in question (make sure you run the trace on the same instance the user is logged on to - in case of more than one application server). check the trace. have a special look at all objects with a return-code > 0.
- SAP Managed Tags:
- ABAP Development,
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2008 5:50 PM
V_KONH_VKS is the object in question and after I ahve that added, I have no problems. Still do not know where the S_DEVELOP auth problem came from but adding the V_KONH_VKS object seems to have cured it.
- SAP Managed Tags:
- ABAP Development,
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2008 8:23 PM
SU53 shows the last failed authority check, not the authorization which (necessarily) needs to be added to the user role to make it work. This is a well documented but sometimes misunderstood fact.
When the program dumps due to missing authority (which should not ideally happen; even for objects such as S_DATASET you should check the authority using FM AUTHORITY_CHECK_DATASET and react to it before you open the file, etc), then the system is most likely checking S_DEVELOP object type DEBUG to determine whether or not the "Debug" function should be displayed in the dump screen....
=> this is then the last failed authority check => SU53 is doing that which it is built to do
Cheers,
Julius
- SAP Managed Tags:
- ABAP Development,
- Security
