This website is not affiliated with, sponsored by, or approved by SAP AG.

missing check on s_user_grp creating internet user

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

missing check on s_user_grp creating internet user

Postby bchristensen » Tue Sep 11, 2012 4:06 am

Hi All

I am in the proces of setting up authorizations for creating internet users via transaction BP. The idea is that users, should obly have access to create/change users, which is located in user group: XXXXX. I would have expected the transaction to run a check on authorization object: S_USER_GRP.

However when creating the internet user there is check if user has access to SU01 and allso there are checks on BP-related authorisation objects. However I do get a authorisation message in the button of my screen: You are not authorized to create user in user group: YYYYY. But I noted that the message is issued as a warning. The message is: 01492, and with the txt: You do not have sufficient authorization for object S_USER_GRP... the operation was interrupted. If I afterwards check SU53 I can see a failed authorization (all is good). But the problem is the operation is NOT interrupted and the user can creat the internet user. If I run ST01 I can all so see that the authorization for the object is granted, which does not correspond with the message and the SU53.

If I do the same operation directly from SU01, the authorization check works perfectly.

Hopefully some one aout there have a good idea, on to how I can solve this problem. I was thinking, that maybe ther is a place where you can customize the message for transaction BP (Table or something). If it was possible to change the message, from Info to Error, this might work - just an idéa


Yours sincerely

Posts: 1
Joined: Thu Sep 06, 2012 6:27 am

Return to SAP Security

Who is online

Users browsing this forum: No registered users and 6 guests

This website is not affiliated with, sponsored by, or approved by SAP AG.