Question:
Hi All,
We need to restrict the authorization for transaction code '3KEI' only to display.. Can someone suggest what is the authroization object on which we can have this restriction ?
Thank you,
ramya
Answer:
Try running an ST01 trace on it to get the value.
S_TABU_DIS:DICBERCLS=KE1C,ACTVT=03 (table auth group may be different)
The_Bean
Answer:
There is a way, way easier way to do this.
Go into PFCG and add a new empty role called ZTEST or whatever. Then click on the Menu tab and add transaction 3KEI to the menu. Then click on the Authorizations tab, save the role, and click the Change Authorization Data. When you get to the Change roles: Authorizations screen, the only thing you should see is the authorization objects controlling the use of transaction 3KEI. You can see what needs to be added/changed/deleted in the user's real role.
Answer:
Tinuviel
That method is not guaranteed to work.
You will only bring in the auths that have been configured for the transaction in SU24. This does not necessarily match the checks in the programme that run when calling a transaction. You can configure SU24 so that adding a transaction to a role brings through any auth objects (and values) you like, but that doesn't make the programme check them. A trace is more reliable.
Thebean3's answer shows the check with the correct value of 3 for display only.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
We use se93/drill down to the programme and do a search on 'authori' to see hat the code checks too.
_________________
Real Daleks don't use the stairs. They just level the building.
Answer:
We use se93/drill down to the programme and do a search on 'authori' to see hat the code checks too.
for S_* transactions it's also worth checking for any logical databases too - auth failures in a ldb aren't reported in SU53
Answer:
What role is the transaction in?