Skip to Content

Correcting Security error 5@ 015: Inconsistency in Authorization default values of a transaction for an object

The error:

Sometimes, when we try to change authorization data of a role containing a transaction (In this example /VIRSA/ZVRAT) in PFCG, we get an error like the below:

sap1.JPG

“Authorization default values of transaction /VIRSA/ZVRAT for object ZVRAT_0004 inconsistent”

This error has occurred because the authorisation fields in the value list in transaction SU24 (that updates the customer tables USOBT_C and USOBX_C) are different from those defined in SU21 for the object, in this case ZVRAT_0004.

If we check the objects and values in SU24 (which shows the data updated in table USOBT_C) for transaction /VIRSA/ZVRAT, we get the below

information for the object ZVRAT_0004:

untitled.JPG

We can display the concerned authorization object class in SU21 (in this case object class: ZVRA) to find out the inconsistency for the specific object

untitled.JPG

Click on Authorization objects to get the list of objects

untitled.JPG


Select the object ZVRAT_0004  and click on display to get the details as below:

untitled.JPG

Here we can see that while the object only has the field ZORGRULEID in SU21, the customer data in SU24 has an additional

field /VIRSA/ORG. Hence the inconsistency.

Remediation:

  1. In SU24, display check indicator for /VIRSA/ZVRAT and click on SAP defaults

untitled.JPG

  1. Go to edit mode

untitled.JPG

This gives a prompt for a workbench request

untitled.JPG


  1. Once the transport request has been created, we get the below screen. Select the object to delete and hit the delete button on the right

untitled.JPG

untitled.JPG

The object is deleted from the check indicator screen.

  1. To add the object again ( or any new object), click on Add auth object:

untitled.JPG

untitled.JPG

The object is added below.

untitled.JPG

By default, the check indicator points on “check” and not “check maintain as it was earlier. In this case if we click

on “Display field values”, we will not see this object.

Therefore, the check indicator needs to be changed to check/maintain:

untitled.JPG

Once the changes are saved, we can now click on  untitled.JPGto display the updated object status, which is consistent with

the SU21 value:

untitled.JPG

This resolves the error of inconsistent authorization.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.