Key word: User buffer
The system may deny a user the execution of a function, even though that user has the appropriate authorization in the master record.
The system log contains entries such as:
'User buffer too small for user xxxxx'.
Cause and prerequisites
The user has many authorizations, (normally more than 800), so that the user buffer overflows.
Use 'User maintenance -> Info -> Overview -> User values' to see whether the missing authorizations are actually preset in the master record. Log on under the user ID with the missing the authorizations and call Transaction SU56. Check the list below to see whether all the authorizations are displayed (for example, the authorizations for objects S_USER...) that you saw in Info...
If not, then a master record with a large number of authorizations is usually involved.
Remove any unnecessary or redundant authorizations from the receptive master record. Too many authorizations per authorization object in a master record have a detrimental effect on the performance of authorization checks.
If you do, however, require a user with many authorizations, then you have the option of setting the following system parameter:
auth/auth_number_in_userbuffer
Depending on the release you are using, it has the following default values:
| 3.1G | 3.1H | 4.0A | 4.0B
--------------------------------------------
Minimum value | | | 800 | 1000
Standard value | 800 | 2000 | 1000 | 2000
(Maximum value | 2000 | 5000 | 3000 | 5000 planned!)
Maximum value | 2000 | 2730 | 2730 | 2730
To be exact, the release specifications are as follows:
3.1G: 3.0x, 3.1G, 3.1H to patch level 177, 3.1I to 49
3.1H: 3.1H from patch level 178, 3.1I from patch level 50
4.0A: 4.0A, 4.0B to patch level 72
4.0B: 4.0B from patch level 73
Caution: At present a value greater than 2730 leads to authorizations being cut off. See Note 120300. Kernel patches are in preparation.
You can set the higher maximum values provided by the corrected kernel in spite of the maximum value (2000) displayed by RZ11.
The check-program sappfpar generates the error message: "unexpected parameter: auth/auth_number_in_userbuffer". The message can be ignored, since it is not used during system start.
As of Release 3.1G
After you have restarted the system, reset the user buffer. You can find the required function in Transaction SU01 under the menu options 'Environment -> Mass changes -> Reset all user buffers'.
This is no longer necessary (and, at the second call, may even lead to warnings or error messages) from kernel patch 3.1H level 163, 3.1I level 1 (on CD), 4.0B level 73.
No comments:
Post a Comment