I am Thomas, from purchasing department. I always struggle to remember SAP transaction codes I use for my work, especially when I come from holidays. I fall into authorization issue each time I run SAP transactions.
I remember that one day, a super Consultant, that I met on a previous project, had told me how to do if I have authorization lack.According to him, I should follow two simple steps. However, the first step is enough for GRC department to grant me with appropriate access (on user request with Fiori APPs). This step allows to identify missing authorization objects.
But if you are Curious like me and you want to do your own investigations and you have the needed rights, go next step.
The second step can be done two ways:
A- Use of SUIM transaction
B- Use of tables by calling SE16N
If implemented, Business can use this App to do authorization requests
1- Identify missed Authorization Objects
This step is quiet simple. After authorization issue, I just need to launch the transaction SU53 and the result will be shown like below:
In the screen of SU53, I can see that I miss rights for the transaction FB01. In detail, here are the authorization tree structure data needed:
- Authorization Object: S_TCODE
- Authorization field: TCD
- Field Value: FB01
But, wait a minute, this transaction code doesn’t sound like a purchasing transaction for me! Maybe, it is because of the long holidays.
2- Investigate for roles
As said previously, only user with rights to SUIM & SE16N can go further.
A- Use Tcode SUIM to find the role needed
The SUIM Tcode offers a large possibility of authorizations search. Searchs are possible by Users/Roles/Profiles/Authorizations/Authorization Objects/Transactions/Comparisons/Where-Used List and Change documents.
With the data got from SU53 screen, I can search for a role by complex selection criteria.
Once this is done, we still have to refine the selection.
After, having entered the authorization objects details like shown in SU53 screen, the program can be launched.
The result of this selection is displayed like following:
B- Use Authorization tables
If you are more familiar with SAP tables, like me and most of super Consultants, you may also go through tables investigations. There are a lot of tables in this domain, but one of my favorites is the table AGR_1251.
By entering the authorizations data shown in the screen of SU53, you will directly find roles for which you can do an access request.
Remark: Other tables are also available to check roles
Since that time, I am happy to know how to search for roles to grant me in case of authorization lack. But, I still have to remember purchasing transaction codes I used to use.
Fortunately, my super consultant had prepared for me a global simplified purchasing overview process poster to easily keep it in my mind.