KB 162 - Authorization objects related issues
KB 162 (ABAP): Authorization objects related issues
Category: Information | Priority: Normal |
---|---|
Platform: ABAP | Version: 1 from 09.09.2022 |
Description
The purpose of the KB is to provide an overview of possible issues caused by PowerConnect roles misconfiguration.
Cause
Table reader does not extract any data, but shows events in Test Metrics (with super user dialog user).
Open SQL script extractor does not extract any data, but shows events in Test Metrics (with super user dialog user).
Native SQL script extractors do not extract any data, but shows events in Test Metrics (with super user dialog user).
Administrator->Setup Task Group does not show any data.
Following message is shown after screen access: Unauthorized records are filtered out!No metrics are collected by Collector job.
Resolution
Please ensure roles are updated/regenerated after PowerConnect update. Following authorization objects needs to be assigned to PowerConnect users.
Table reader does not extract any data, but shows events in Test Metrics (with super user dialog user).
Potential issue with batch user role. Table reader is using ‘VIEW_AUTHORITY_CHECK’ FM to check authorization for all defined tables.
Following authorization objects expected in PowerConnect batch user role (delivered by default since SP 6.09 as part of Z_BNWVS_BATCHUSER role): S_TABU_DIS, S_TABU_NAM.Open SQL script extractor does not extract any data, but shows events in Test Metrics (with super user dialog user).
Potential issue with batch user role. Open SQL extractor is using ‘VIEW_AUTHORITY_CHECK’ FM to check authorization for all tables listed in FROM statement.
Following authorization objects expected in PowerConnect batch user role (delivered by default since SP 6.09): S_TABU_DIS, S_TABU_NAM.Native SQL script extractors do not extract any data, but shows events in Test Metrics (with super user dialog user).
Potential issue with batch user role. For Native SQL extractors, the statement is checked using corresponding CL_DBA_SQL_EXECUTOR class (S_TABU_SQL for each table). For the systems where the class is not available, but S_TABU_SQL auth object exists, following check will be performed:AUTHORITY-CHECK OBJECT 'S_TABU_SQL' ID 'ACTVT' FIELD '33' ID 'DBSID' FIELD lv_dbcname ID 'TABLE' FIELD '*' ID 'TABOWNER' FIELD '*'.
In other cases, the check will fallback to the following one:
AUTHORITY-CHECK OBJECT 'S_ADMI_FCD' ID 'S_ADMI_FCD' FIELD 'SMSS'.
Following authorization objects expected in PowerConnect batch user role (delivered by default since SP 6.10): S_TABU_SQL or S_ADMI_FCD (if S_TABU_SQL does not exist).Administrator->Setup Task Group does not show any data.
Potential issue with admin user role. Please ensure following authorization objects are assigned to the PowerConnect admin user role (delivered by default since SP 6.10 as part of Z_BNWVS_ADMIN_CHANGE role):
ZBNWVS_GRC
ZBNWVS_GRDNo metrics are collected by Collector job.
Potential issue with batch user role. Please ensure following authorization objects are assigned to the PowerConnect batcg user role (delivered by default since SP 6.10 as part of Z_BNWVS_BATCHUSER role):
ZBNWVS_GRC
ZBNWVS_GRD
Product version
Product | From | To |
PowerConnect (all ABAP platforms) | 6.10 | * |