How to Analyzing Authorization Checks for SAP User
2008-11-19 10:42
344 查看
If
you do not know the required authorizations for a transaction, you can
use the system trace or the authorization error analysis to determine
them.
● System Trace
1. Choose Tools®Administration ® Monitor®Traces®SAP System trace.
2. Choose the trace component Authorization check and then Trace on. The system then automatically writes the trace to disk.
3. To restrict the system trace to your own sessions, choose Edit ® Filter ® General. In the dialog box displayed, enter your user ID in the field Trace for user only.
4. After you have completed your analysis, choose Trace off.
5. To display the results of the analysis, choose Goto ® Files/Analysis or choose the pushbutton File list. Position the cursor on the file that you want to analyze and choose Analyze file.
You will see authorization tests entries in the format <Authorization object>:<Field>=<Value tested>.
You
can display a formatted view of an authorization check by
double–clicking an entry. (You may need to scroll down in the display
to reach the formatted view of the entry.)
If no authorization entries exist or the system displays the message Authorizationentries skipped, check that you have set the trace switches correctly. If the switches are correct, then choose Tracefile®Analyze file and ensure that Trace for authorizationchecks is selected.
●
4000
Authorization error analysis
You
can use transaction SU53to analyze an access-denied error in your
system that just occurred. It displays the last failed authorization
check, the user’s authorizations, and the failed HR authorization check.
You can use transaction SU53 from any of your sessions, not just the one in which the error occurred.
For
example, you have selected a function, and the system responds with the
message "You are not authorized for this function." To display the
checked authorization object, enter SU53 or /nSU53 in the command
field. The system then displays a comparison of the values of the
object that are in your user master record.
Note,
as the administrator, that the data in the Failed Authorization Check
area are from the time at which the user started transaction SU53 to
determine which authorization he or she is missing.
The
User’s Authorization Data, on the other hand, is the data that was read
directly from the user buffer at the time of analysis, when the
administrator views the user’s problem by choosing Display for Other
Users.
Use
transaction SU56 to display all of your own authorizations or the
authorizations of another user. Call transaction SU56 by choosing Goto
? Entered Authorization in User Buffer. This transaction shows which
authorizations are currently assigned in the user's user master record.
you do not know the required authorizations for a transaction, you can
use the system trace or the authorization error analysis to determine
them.
● System Trace
1. Choose Tools®Administration ® Monitor®Traces®SAP System trace.
2. Choose the trace component Authorization check and then Trace on. The system then automatically writes the trace to disk.
3. To restrict the system trace to your own sessions, choose Edit ® Filter ® General. In the dialog box displayed, enter your user ID in the field Trace for user only.
4. After you have completed your analysis, choose Trace off.
5. To display the results of the analysis, choose Goto ® Files/Analysis or choose the pushbutton File list. Position the cursor on the file that you want to analyze and choose Analyze file.
You will see authorization tests entries in the format <Authorization object>:<Field>=<Value tested>.
You
can display a formatted view of an authorization check by
double–clicking an entry. (You may need to scroll down in the display
to reach the formatted view of the entry.)
If no authorization entries exist or the system displays the message Authorizationentries skipped, check that you have set the trace switches correctly. If the switches are correct, then choose Tracefile®Analyze file and ensure that Trace for authorizationchecks is selected.
●
4000
Authorization error analysis
You
can use transaction SU53to analyze an access-denied error in your
system that just occurred. It displays the last failed authorization
check, the user’s authorizations, and the failed HR authorization check.
You can use transaction SU53 from any of your sessions, not just the one in which the error occurred.
For
example, you have selected a function, and the system responds with the
message "You are not authorized for this function." To display the
checked authorization object, enter SU53 or /nSU53 in the command
field. The system then displays a comparison of the values of the
object that are in your user master record.
Note,
as the administrator, that the data in the Failed Authorization Check
area are from the time at which the user started transaction SU53 to
determine which authorization he or she is missing.
The
User’s Authorization Data, on the other hand, is the data that was read
directly from the user buffer at the time of analysis, when the
administrator views the user’s problem by choosing Display for Other
Users.
Use
transaction SU56 to display all of your own authorizations or the
authorizations of another user. Call transaction SU56 by choosing Goto
? Entered Authorization in User Buffer. This transaction shows which
authorizations are currently assigned in the user's user master record.
相关文章推荐
- facebook permissions : How to check if the user has already allowed publish_stream for your app
- How to Check Missing Authorisation for User
- How to proceed for rework process in sap PP
- How to specify image folder path for each user when use TinyMce ImageManager with Symfony
- how to get the Authorization of adobe acrobat 8.0 for free
- How to Check for 32 or 64 Bit Fedora
- HOW TO CHECK FOR ACTIVE TRACE FLAGS ON MICROSOFT SQL SERVER
- How to check for and disable Java in OS X
- SAP CRM How to Create your own BOL Object for webclient
- How to get SAP RFC-SDK for C/C++
- ABAP:How to Find Bapi for Particular Transaction in SAP
- How to Check or Verify PC Motherboard BIOS SLIC Version is SLP OA 2.0 or 2.1 for OEM Activation
- SAP Skill - How to search a field for which table it belongs
- How to lookup django session for a particular user?
- How to check port number is open for a windows server
- 四 错误处理篇 How to Fix Login Failed For User NT AUTHORITY IUSRS in SharePoint 2013 ...
- How to test for a valid user session in a JSP
- Linux: How to enable root user in Gnome for VirtualBox Fedora?
- JS:Trim() in javascript, how to define a function of checkinput for a WebControl(ascx)
- how to enable remote access for root user