Question: Hi
We are currently implementing HR in our company; we are in the process of creating the roles. We have encountered a problem when trying to restrict the user to specific groups, subgroups, organizational key, etc.
The Following is what the P_ORGINCON object looks like:
Manually HR: Master Data with Context T-RD06064100
Authorization level M, R, W AUTHC
Infotype 0000-0002, 0006-0009, 0011, 0014-0015, 0019, 0021, 0023-0024, 0040-004<...> INFTY
Personnel Area * PERSA
Employee Group 1 PERSG
Employee Subgroup 01-07, 10-12 PERSK
Authorization Profile * PROFL
Subtype * SUBTY
Organizational Key 1000PPHY* VDSK1
Manually HR: Master Data with Context T-RD06064101
Authorization level M, R AUTHC
Infotype 0003, 0005, 0010, 0016, 0026-0027, 0032, 0049, 0052, 0078, 0083, 0230,<...> INFTY
Personnel Area * PERSA
Employee Group 1 PERSG
Employee Subgroup 01-07, 10-12 PERSK
Authorization Profile * PROFL
Subtype * SUBTY
Organizational Key 1000PPHY* VDSK1
Manually HR: Master Data with Context T-RD06064102
Authorization level M, R, W AUTHC
Infotype 0045, 0139 INFTY
Personnel Area * PERSA
Employee Group 1 PERSG
Employee Subgroup 01-07, 10-12 PERSK
Authorization Profile * PROFL
Subtype 9001-9007, 9020-9033 SUBTY
Organizational Key 1000PPHY* VDSK1
Manually HR: Master Data with Context T-RD06064103
Authorization level M, R, W AUTHC
Infotype 2006 INFTY
Personnel Area * PERSA
Employee Group 1 PERSG
Employee Subgroup 01-07, 10-12 PERSK
Authorization Profile * PROFL
Subtype 20, 40-44 SUBTY
Organizational Key 1000PPHY* VDSK1
This is taken from one of the derived roles. While testing the role and running transaction PT60 we receive an authorization error:
Object P_ORGINCON HR: Master Data with Context
Object class HR Human Resources
Field Value
Authorization level
R
Infotype
2006
Personnel Area
*
Employee Group
*
Employee Subgroup
*
Authorization Profile
*
Subtype
20
Organizational Key
*
It seems like it wants access to all employee groups, subgroups, and organizational key. When we give it the full access it of course works but it is not a solution, because the users need to be retricted.
What are we missing?
Thanks
Answer:
This may not be the authorization failure that is causing the problem. SAP HR performs a large number of check before the program stops and tells you you are not authorized. This SU53 may be the last failure which is what SU53 reports it may not be the one that stops the code.
If it is correct then contact SAP.
Answer:
I have been struggling with a similar problem in our 4.7 system for some time: Is the employee you are accessing through PT60 on the default position (99999999) or indeed a default Org key? we were being asked for cross system auths whenever an employee was on the default position. Had to play around with the HR central authorisation switches - Table T77S0 t_code OOAC.
As John says this SU53 will be one of many - run the failing user through the process again while tracing it in ST01.
Answer:
The employee is not on a default position or a default org key, and I did trace the process but nothing significant comes up on the trace.
Answer:
Do you have structural authorization profiles assigned?
If so, it could be an error on soemthing that is defined outside of the allowed range. I have seen this error many times before, and it usually results in a code change. IF you run the trace again, but add SAPALL to the user id, you will know if it is an authorization error if:
the error does not occur with SAP all assigned.
you can get further than you did before you had SAP ALL assigned.
If you get the error even with SAP ALL assigned, I would contact SAP, or ask ABAP for some debugging help.
Answer:
I have exactly the same problem.
It is an authorization problem with object P_orgincon. When I try this without context senistive authorization, it works fine.
How to Earn Rs.25000 every month in internet without Investment?
HR Authorization restriction
Labels:
Sap HR - Faqs
Subscribe to:
Post Comments (Atom)
topics
-
▼
2007
(1406)
-
▼
November
(1359)
- Free Download SAP FI Certification study pdf books
- Implementing SAP R/3 on OS/400
- Update SAP Kernel in UNIX based
- Security Audit Log (BC-SEC).pdf
- Security Audit Log.pdf
- Securities,pdf
- Secure Store & Forward / Digital Signatures (BC-SE...
- Secure Network Communications (BC-SEC-SNC)
- Free download use ful T-codes
- I did not find any OSS notes appropriate for my pr...
- How to apply OSS notes number?
- What is OSS Notes number?
- Where can i access SAP OSS?
- WHAT IS OSS
- Disaster Recovery Plan to Restore Production System
- Steps to Install SAP Note in sap
- Difference Between SAP Notes and Support Package
- Question : Subject : Support packages testing
- Five Different "User Type"
- How to solve the Time Zone Definition Problems?
- Setting the User Decimals Format
- Schedule Manager
- Various Important SAP Basis T-Code
- Trace Functions in sap
- System Trace: Error Analysis in sap
- System Trace(ST01) in sap
- Roles and Authorizations Used in Background Proces...
- Deleting Multiple Spool Requests Simultaneously in...
- Logging and Tracing in spool
- Print and Output Management in spool
- Background Job Monitoring Monitor in CCMS
- Monitoring the Database Using the Alert Monitor
- Monitoring the Operating System Using the Alert Mo...
- Monitoring Memory Management Using the Alert Monitor
- Method Dispatching Monitor in CCMS
- Remote Application Server Status Monitor in CCMS
- GRMG Self-Monitoring Monitor in CCMS
- CCMS Selfmonitoring Monitor for System-Wide Data i...
- Logfile Monitoring Monitor in CCMS
- Logon Load Balancing Monitor in CCMS
- Transaction-Specific Dialog Monitor in CCMS
- Workload Collector Monitor in CCMS
- System Errors Monitor in CCMS
- System Configuration Monitor in CCMS
- Syslog Monitor in CCMS
- Spool System Monitor in CCMS
- Security Monitor in CCMS
- Performance Overview Monitor in CCMS
- Operating System Monitor in CCMS
- Filesystems Monitor in CCMS
- Entire System Monitor in CCMS
- Monitoring the Enqueue Service in CCMS
- Dialog per Application Server Monitor in CCMS
- Dialog Overview Monitor in CCMS
- Database Monitor in CCMS
- Transactional RFC and Queued RFC Monitor in CCMS
- Communications Monitor in CCMS
- Buffers Monitor in CCMS
- Background Job Monitoring Monitor(CCMS)
- Background Processing Monitor(CCMS)
- Availability and Performance Overview Monitor (CCMS)
- SAP CCMS Monitor Templates Monitor Set
- Creating and Changing a Monitoring Pause(CCMS)
- Creating and Changing Monitoring Rules(CCMS)
- Configuring Availability Monitoring(CCMS)
- Update Repositories(CCMS)
- Displaying Central Performance History Reports(CCMS)
- Displaying Report Properties
- Scheduling and Executing a Report
- Variables in Group Names
- Creating a Report Definition(CCMS)
- Maintaining Collection and Reorganization Schemata...
- Maintaining Collection and Reorganization Schemata...
- Creating and Editing a Calendar Schema(CCMS)
- Creating and Editing a Day Schema
- Customizing the Alert Monitor(CCMS)
- Resetting MTEs and Alerts(CCMS)
- Reorganizing Completed Alerts(CCMS)
- Display Completed Alerts(CCMS)
- Automatically Complete Alerts(CCMS)
- Completing Alerts(CCMS)
- Starting Methods (CCMS)
- Processing Alerts(CCMS_
- Displaying the Technical View: Central Performance...
- Displaying the Technical View: Threshold Values(CCMS)
- Displaying the Technical View: Status Autoreaction...
- Displaying the Technical View: Status Data Collector
- Displaying the Technical View: Method Allocation
- Displaying the Technical View: Info on MTE
- Display Types and Views of the Alert Monitor(CCMS)
- Properties of Status Attributes (CCMS)
- Properties of Performance Attributes(CCMS)
- Properties of Log Attributes (CCMS)
- General Properties of Monitoring Tree Elements(CCMS)
- Properties of Monitoring Objects and Attributes
- Elements of the Alert Monitoring Tree
- Alert Monitoring Tree(CCMS)
- Monitors(CCMS)
- Monitor Sets (CCMS)
- Elements of the Alert Monitor (CCMS)
-
▼
November
(1359)
No comments:
Post a Comment