Monday, November 19, 2007

APO - second role causes authorization problems

Question: Hello all,

the following effect occurs on my APO system:
User A has assigned a role to do customer plannings, everything works. After that the user gets an additional role for PPDS or SCPT. Now, the customer planning doesn't work anymore?
More authorizations - less rights?
This effect is indenpendent of user A, I tried it with several ones. Always the same.

What can I do?

The users need access to both transactions!

Thanks for your help!

Answer:
may be user comparision issue.
if u get a solution for this problem please post it here.
thanks

Answer:
Hello,

it's not a problem of user comparison.

Answer:
Have you run a trace ?
_________________
Best Regards
Bazza

Answer:
Sometimes SAP performs an auth check to determine screens dynpros or the path which the runtime environment should be generated from.

In some special cases of the above, adding authorizations will give you a more restricted path followed (or it would appear to be so) as a result.

Try logging on with less auths (or none what-so-ever) and see what you get.

Contrary to popular belief, more auths (or SAP_ALL) does not contain more (or all) authorizations for the system.

Tarr

Answer:
No APO experience so look at this as a generalization thta may have some applicability.

If you had a role with an authorization with P_PERNR with value of I and another role with an authorization with the value of E and then assigned the roles together something the user could have done earlier will quit working. This is because these authorizations are mutually exclusive and the system is smart enough to recognize this. You may need to study the values of authorizations in your roles (and the help text) to see if APO delivers an object like P_PERNR.

ps if it does please share.

No comments:

Blog Archive