If the question involves many messages involving missing authorizations then I would first create a test user copying the user with the issue and:
- Execute Transacation ST01 (i.e. ST'ZERO'1) for System Trace
- Check mark the box next to Authorization check under Trace Components
- Click on General Filters
- Enter the user name in 'Trace for user only' field
- Click on Green 'Back' icon (next to red 'X') or press F2
- Click on 'Trace on' (next to Refresh)
- You will see 'Trace Status:' changed as 'Trace switched on (main switch on)
- Now recreate the issue, i.e. perform the steps by which the user was getting those 'Missing Authorizations' related messages, either in SAP GUI or in Web UI
- Once you execute the very step, after which you get the messages in question, go to ST01 and turn the Trace off, i.e. click on the next button to Trace on
- Now click on Analysis
- Select the user name (by default it will be the user that you are logged on to SAP GUI with)
- Check the correctness of the time, i.e. From: and To: fields
- Remove the Table Restrictions and enter '*' instead
- Uncheck all Trace Records except Authorization Check
- Click Execute
- Now you should see a Trace Display in which you will several columns with line items with different Green shades..Dark and Light green..
- Among the columns displayed you will see the fourth column with Authorization Object and RC (Return Code)
- Find the objects with non-zero RC and you should see the missing authorizations
- This you can use to modify the existing role accordingly and reexecute the steps to see if the Missing Authorizations related messages appear again.
Very much informative...Very good article!!!
ReplyDeleteThank you Ashish for the comment.
ReplyDeleteVery good article..
ReplyDeleteit would have been good, if screenshots were included to understand it better.
ReplyDelete