Overview
One
of the strong key in SAP is the authorization.
Its
build with strong yet flexible, thus various needs of organization can be accommodated.
For
an example, one user may access payroll data in full access mode.
Other
user may view payroll data for specific employee group in display mode only.
While other cannot view payroll data at all,
but can view personnel data.
Two
t-codes that closely related with authorization are:
- SU01 to maintain the user
- PFCG to maintain the role.
No read authorization for [specific infotype]
During
daily operation, there are some user may face problem related with
authorization.
Tcode
SU53 can be used by SAP Basis to evaluate, which object should be included.
When
user meet error message, such as “No read authorization for payroll data”, then
the user has to type in /nSU53 in
command bar.
The
output of this message can be used by SAP Basis to modify
the corresponding role from PFCG.
Basically SU53 will
evaluate all roles that attached to the user, against to object that going to
be executed.
Tcode SU53 can be
safely attached for all users in company.
In proper method, SAP
Basis should be consult with the SAP Functional team.
It need to be done,
since Functional know which area each user can / cannot access to.
No comments:
Post a Comment