In this sample, we'll use "SU53" to troubleshoot the authorization issue face by the user and follow by using "PFCG" to resolve it.
1) Login to the client where user had encounter authorization error
2) "SU53" to check the authorization error encounter by the user
3) Click to switch user to view the authorization error4) Example of error that cause by "object A_S_KOSTL" and the missing authorization value is either "BUKRS" (1132) or "KOSTL" (0001132000)
5) To identify which role that relevant to the above object that causing the authorization error, Run TCODE: "SUIM" and expand “Roles”, select “Roles by Complex Selection Criteria”
6) Enter user ID and authorization object, then click "Execute" icon
7) The result show only one role match these filtering criteria
8) From this point, there are 2 options available:
a. Make all the necessary authorization changes in QAS and once UAT is ready re-
download the role to DEV and create transport report to deploy the role to QAS and DEV
b. Make the authorization changes in DEV and transport to QAS for UAT and follow by
transport to PRD later on
9) Either option, run "PFCG" and enter the relevant role name for modification and click the "Pencil" icon
10) Click find "find" icon to search the authorization object that caused the error e.g. A_S_KOSTL, S_CTS_ADMI or BC_A
11) Add the missing value in the relevant authorization object parameter, then click "generate "icon" and exit
12) Done, the role is ready for UAT...
Comments
Post a Comment