Technical Articles
S_SYS_INFO : Restricting information in system>status
Noticed something interesting while working on a S/4 HANA 1809 box today.
Problem: Launching system>status from the menu bar did not launch the usual, expected screen for me. Instead, what I got was a very restricted subset of the information under the header “Repository Data” –
Weird, where was the good old popup with the technical data and product information?
Solution: A bit of digging led me to the solution. SAP Note 2658772.
SAP_BASIS version 7.53 has now introduced a new authorization check on system>status. The contents of this popup is now restricted through the authorization object S_SYS_INFO. There was no restriction on this in the earlier versions.
In order to get back the unrestricted view, you will need to create a new role containing the above object, or add it to an existing role, with the below field values –
ACTVT:
03 (Display)
INFO:
-
USER (to view the “user data” section)
-
SYSTEM (to view the “SAP system data” section)
-
HOST (to view the “host data” section)
-
DB (to view the “database data” section)
-
KERNEL (to access the kernel information)
-
* (to view everything)
…..and voila!
Really helpful.. thanks for sharing.
I found the same problem in S4HANA 1809
Does anyone know why this object does not occur in STAUTHTRACE?
Thanks for the writeup. Very handy. This occurred for us on an upgrade from S4 1610 to S4 1909.
Thanks for this information , just bit curious this object does not come into the trace...
very useful, great thanks
Hello Rohit,
Thank you very much for sharing the solution on this issue, I was stuck for while.
Best,
Hi Rohit,
Thank you for sharing it.
Regards,
Thank you for the post, same issue un HANA 20 FPS01. Regards
Thanks! We just completed upgrade from 1709 to S4 2020 FPS01. Noticed same issue.
Thanks for sharing. Useful info.
Thanks for all of these details.
Would you please suggest whats the alternative to find Product version with this restriction?
I have a question for the SAP development team:
Why are you not using the AUTHORITY-CHECK standard way of checking authorizations instead of checking this authorizations in a subtle way?