SAP Authorization /nSU53


One of the strong key in SAP is the authorization.
Its build with strong yet flexible, thus various needs of organization can be accommodated.

For an example, one user may access payroll data in full access mode.
Other user may view payroll data for specific employee group in display mode only.
While other cannot view payroll data at all, but can view personnel data.                                                                 

Two t-codes that closely related with authorization are:
  1. SU01 to maintain the user
  2. PFCG to maintain the role.

No read authorization for [specific infotype]

During daily operation, there are some user may face problem related with authorization.
Tcode SU53 can be used by SAP Basis to evaluate, which object should be included.

When user meet error message, such as “No read authorization for payroll data”, then the user has to type in /nSU53 in command bar.
The output of this message can be used by SAP Basis to modify the corresponding role from PFCG.

Basically SU53 will evaluate all roles that attached to the user, against to object that going to be executed.
Tcode SU53 can be safely attached for all users in company.

In proper method, SAP Basis should be consult with the SAP Functional team.
It need to be done, since Functional know which area each user can / cannot access to.

Monday, June 29, 2015

SAP, Setup TREX Connector

TREX is a search engine that used in SAP NetWeaver. This search engine primarily used in SAP Enterprise Portal, such as for Talent Management Specialist to find employee. TREX server recommended to be installed in separate machine, since during indexing process can consume high resources.

TREX need to be connected with the SAP back-end.
More information regarding TREX admin can be found here.
While to setting connection of TREX can be found on screenshots below:

Wednesday, September 17, 2014

Renew SAP Router Certificate on Windows Server

By default, SAP Router certificate will be expired each one year. SAP router is used to connect between your local SAP server to SAP server. It is used for an example to download and install new NOTE from SAP.

Check the connection of SAP router:

  • Login to SAP R/3
  • Open t-code SM59 - Configuration of RFC Connections
  • Open folder ABAP Connections > SAPOSS > Connection Test
  • If connection return an error such below, there is posibility that your SAP router certificate has been expired and need to be renewed.
Error message:
Logon              Connection Error
Error Details     Error when opening an RFC connection
Error Details     ERROR: CPIC program connection ended (read error)
Error Details     LOCATION: SAP-Server TRHP01_DBW_00 on host TRHP01 (wp 1)
Error Details     COMPONENT: CPIC
Error Details     COUNTER: 6
Error Details     RETURN CODE: 223
Error Details     SUBRC: 0
Error Details     RELEASE: 700

Renew SAP Router Certificate

Please follow screenshot below:

Saturday, August 16, 2014

- Copyright © Ady Purnama -Metrominimalist- Designed by djogzs -