ESS and MSS appraisal question

Former Member
0 Kudos

Hi guys

We have created two roles for appraisal - one for ESS and one for MSS. Each of them has a structural profile attached to it in P_HAP_DOC:

1) ESS role has the ESS structural profile in OOSP, and

2) MSS role has the MSS structural profile. Both have corresponding authorisation values for appraisal templates.

We assign these two roles and profiles to the user, and we expect the system to distinguish that one of the profiles should just be used in ESS and the other in MSS. However, according to SAP this is not possible, because the system cannot distinguish that one profile should be used for one role and the other for the other role.

If the user has authorisation to the template (via ESS role), then the user will get the same authorisation to the same template in MSS as well even though this is not allowed. Because according to SAP, system will not know if the user is accessing this template in MSS or ESS, therefore the user receives the authorisation in both Manager and Employee Desktop, which is normal, said SAP.

Our P_HAP_DOC should be correctly configured with the corresponding structural profiles, and we are using HAP00/AUTHO. The user is assigned to both the MSS appraisal role and the ESS appraisal role, and he also has the structural profiles for both ESS and MSS in the OOSB table. The recommendation we received is that we can control that, for example, for one group of employees documents based on one template can just be displayed, and that for another group of employees these documents based on the same template can also be changed. <<<---- so here comes my question: How can this be done?

Accepted Solutions (1)

Former Member
0 Kudos

Based on the recommendation, you will have to distinguish between template maintain and display access. In the profile for object type VA, enter the appraisal id and don't tick the maintain tickbox. This gives users "display only" access for those templates. If you want to give "maintain" access for some employees, tick the "maintain" tickbox for VA.

Hope this helps.

Former Member
0 Kudos

Hello Pavana

Appreciate your reply, but unfortunately it doesn't help.

The specific template we have a problem with is the course appraisal template (LSO). The appraiser of this template is the ESS user. The manager doesn't (or should not) get access from the Manager Desktop. The manager can access this template only when he goes to his own ESS Desktop as an employee with a normal ESS role.

Assume the template is called 50000123.

In the ESS profile, we give the maintenance access to VA 50000123 with the tick.

In the MSS profile, because the manager shouldn't even have access to this template, we didn't even include this specific template in the manager's profile.

In my original message, I mentioned that if the user has access to the template (e.g. in the ESS role), then the user will get the same kind of access to the same template in the MSS desktop as well, although it is not given in the structural profile. This is because the SAP system cannot distinguish which profile is used in which role, and the system doesn't know if the user is accessing the template in the MSS Desktop or the ESS Desktop. I know this one is tricky.. but SAP has recommended that we can still somehow control that, for example, for one group of employees documents based on one template can just be displayed, and that for another group of employees these documents based on the same template can also be changed. I just don't know how this can be done. Does it sound like it needs some settings from the appraisal itself, or do we need to use a different/new authorisation object?

Former Member
0 Kudos

Did you try removing the object type VA from both the manager's role + PD profile? I haven't tested this theory as we don't do appraisals via portal.

To meet your requirements, you can have this object type only in the ESS role + PD profile and create profiles to give "maintain" or "display" access for specific groups of people.

Answers (2)

Former Member
0 Kudos

Help provided by SAP. The standard authorisation check doesn't work for this scenario. You will need a user exit instead.

Former Member
0 Kudos

Interesting scenario.

However, one thing that I'm not clear on is why you have to assign a structural profile to ESS users.

ESS users should be able to view/change their own IT0025.

Managers, on the other hand, should be able to appraise their employees, so to view people in their org structure, only managers need a structural profile.

I believe this should resolve your issue about maintaining multiple PD profiles.

Former Member
0 Kudos

Hi Kiran

ESS users need some kind of profile because we have switched on HAP00/AUTHO. If we don't assign the ESS structural profile, then the system will not let it through (it would ask for PROFL=ALL or PROFL=* in the trace) for the P_HAP_DOC object.
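
The behaviour discussed in this thread, as an added example (a simplified Python model, not SAP code and not written by any poster): a check that evaluates all of a user's structural profiles together returns the same answer for template 50000123 in ESS and MSS, while a check that receives the calling application as an input can separate them. The profile names `ZESS_APPR` and `ZMSS_APPR`, the user `JDOE`, template `50000999` and the context mapping are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProfileEntry:
    profile: str    # structural profile name (constructed)
    otype: str      # object type; "VA" = appraisal template
    objid: str      # template id
    maintain: bool  # the "maintain" tickbox

# Constructed sample data: the ESS profile grants maintain on 50000123,
# the MSS profile does not list that template at all.
ENTRIES = [
    ProfileEntry("ZESS_APPR", "VA", "50000123", True),
    ProfileEntry("ZMSS_APPR", "VA", "50000999", True),
]
USER_PROFILES = {"JDOE": {"ZESS_APPR", "ZMSS_APPR"}}

# Hypothetical mapping that a custom check would need to maintain.
CONTEXT_PROFILES = {"ESS": {"ZESS_APPR"}, "MSS": {"ZMSS_APPR"}}

def _granted(profiles, objid, want_maintain):
    return any(
        e.profile in profiles and e.otype == "VA" and e.objid == objid
        and (e.maintain or not want_maintain)
        for e in ENTRIES
    )

def standard_check(user, objid, want_maintain):
    """All profiles assigned to the user count; the calling
    application (ESS or MSS) is not an input to the decision."""
    return _granted(USER_PROFILES.get(user, set()), objid, want_maintain)

def context_check(user, objid, want_maintain, context):
    """Custom-check idea: only profiles mapped to the calling
    application are considered (assumed design, not an SAP API)."""
    allowed = USER_PROFILES.get(user, set()) & CONTEXT_PROFILES.get(context, set())
    return _granted(allowed, objid, want_maintain)

def access_matrix(user, objid):
    """Maintain access per application under both checks."""
    return {
        ctx: {
            "standard": standard_check(user, objid, True),
            "context_aware": context_check(user, objid, True, ctx),
        }
        for ctx in ("ESS", "MSS")
    }

if __name__ == "__main__":
    print(access_matrix("JDOE", "50000123"))
```
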