Re: How to find T-code History with role

Hi Lokesh

Quick etiquette - there is an unwritten assumption that everyone who posts to SCN asking for assistance has critical issue (to them) or urgent. No need to write it as anyone who responds to you is doing it in their free time. If anything, you might annoy many knowledgeable community members and they will show their annoyance through silence.

Steve has covered a fair bit of it. Some things to break down and assume

1. Run SUIM Change documents for the users to see what roles they have had. Sounds like you have done this
2. Check the SE93 definition of the trasaction or table TSTCA to see if there is a secondary authorisation check. I'm assuming when you the user can't execute the transaction they are getting a "you are not authorized to for the transaction" type message instead of getting their initial screen. If this is where they are failing then they are either missing the S_TCODE or the secondary auth check.
3. Run SUIM Change documents for roles for authorisation data to see if any roles had either the S_TCODE or another object deleted.
4. Cross reference the roles in Step 1 against Step 3 to see if you can pinpoint the change
5. You can then also check your transports to see if that's happened recently.

If still getting nowhere then you need to check

1. Were roles updated directly in production (if there is a change record on authorisations then it's a direct update.
2. Is the profile for the role corrupted (checking SU56 for user on the objects will show this if it can't load properly). If so, retransport role after generating the profile
3. Any chance there is an immediate authorisation check in the code on execution and the user no longer has that authorisation. If you can't search the code get a developer to assist you. If you find an object, repeat above steps with that object as well

Biggest bit comes down to understanding what the user has actually lost

Also, I can't remember of the top of my head if a call transaction (SE97 skips S_TCODE check) or similar will show as a user having executed it but in reality the user cannot execute it directly

Regards

Colleen