Monday, June 29, 2015

SAP Authorization /nSU53




Overview

One of the strong key in SAP is the authorization.
Its build with strong yet flexible, thus various needs of organization can be accommodated.

For an example, one user may access payroll data in full access mode.
Other user may view payroll data for specific employee group in display mode only.
While other cannot view payroll data at all, but can view personnel data.                                                                 

Two t-codes that closely related with authorization are:
  1. SU01 to maintain the user
  2. PFCG to maintain the role.



No read authorization for [specific infotype]

During daily operation, there are some user may face problem related with authorization.
Tcode SU53 can be used by SAP Basis to evaluate, which object should be included.

When user meet error message, such as “No read authorization for payroll data”, then the user has to type in /nSU53 in command bar.
The output of this message can be used by SAP Basis to modify the corresponding role from PFCG.

Basically SU53 will evaluate all roles that attached to the user, against to object that going to be executed.
Tcode SU53 can be safely attached for all users in company.

In proper method, SAP Basis should be consult with the SAP Functional team.
It need to be done, since Functional know which area each user can / cannot access to.