02-11-2009 6:47 AM
Hi Experts,
I am facing problem in restricting the users to access personal sub area Auth in a Tx: PA40.
I had created a new aurth object with u201Cauth fieldsu201D containg the Personal Sub Area filed.
And added the Auth object to Tx : PA40.
But it is not checking the Auth Oject at all. I am not sure if some Authority-check needs to be coded.
Details of the Requirement:
I have already restricted them at personal area level. I need to restrict the users in the Personal Sub Area level.
Requirement :
For eg. only users whos are assigned to 1100 personal area and 1101 pesonal sub area, should be able to create/change the 1101 personal sub area level employees only they should not be able to access to create/change the other personal sub area level 1102,1103 of employees.
Personal Area Personal Sub Area
1100 -
> 1101 (Access)
1100 1102 (Restrict)
1100 1103 (Restrict)
Difficulty:
Non of the auth objects provided by SAP in su24 contain the HR Personal Sub Area as field.
Please give me your suggestion to overcome this.
Thanks & Regards,
Praveen Merugu
02-11-2009 7:14 AM
Hi Praveen,
If you want to that authorization object of personal sub area level should be checked while executing tcode PA40 , then you need to maintain authority check statements in code of PA40 with the help of abaper.
Also make check/maintain in Su24 .
Regards,
Sneha
02-11-2009 9:24 AM
Hi Sneha,
I need the authorization restrict level while executing the Tx: PA40 or performing any other personal sub area level activities.In any case i require the same.
I have already created a 'Z' authorizatoin object on BTRTL level and assigned the same to PA40. But still unable to block.
Checked/maintained z object in SU24.
Please do advice in brief.
Thanks in Advance.
Regards,
Praveen Merugu
02-11-2009 9:52 AM
Hi Praveen,
Have u updated authority check statments in code for z- authorization object??
Regards,
Sneha
02-11-2009 10:19 AM
Hi Sneha,
Yes, i have updated the check statement. Please find below message in SU24.
Maintained ZHR_PSA HR Personal Sub Area Check YS
Regards,
Praveen Merugu
02-11-2009 11:39 AM
hi praveen,
just to be sure, have you activated the AUTSW-NNNNN in T77S0?
//dimitri
02-11-2009 11:58 AM
Hi Praveen,
Hope you have updated authority check statment in abap code with help of abaper.
For e.g.
authority-check object 'S_ADMI_FCD'
id 'S_ADMI_FCD' field 'NADM'.
Regards,
Sneha
02-11-2009 4:28 PM
Hi Dimitri,
In table T77S0 AUTSW-NNNNN is existing. Please let me know how to activate the same.
Regads,
Praveen Merugu
02-11-2009 4:42 PM
Hi Sneha,
Yes, i have already activated the authority check.
Regards,
Praveen
02-11-2009 9:18 PM
hi praveen,
if the custom object check (AUTSW-NNNNN) is not active, a 0 is displayed (by default). if you want to activate it, change it to 1.
good luck!
02-12-2009 6:07 AM
Hi Dimitri,
Thanks for your immediate response.
I have changed the AUTSW-NNNNN value from 0 to 1. But while hiring an employee in Tx:PA40 when i am executing the same it is not going further and giving error : "No authorization to maintain Actions T1 exists ". Even in the profile i had mentioned T1 also. When i am changing the value from 1 to 0 it is not giving any error.
Please suggest as i am reaching at the nearest result.
Regards,
Praveen
02-12-2009 7:21 AM
hi praveen,
I think doing an ST01 trace will get you closer to checking what actually makes the authority-check bounce.
from what I understand, you're saying that you entered the actions in your profile? actions cannot be authorized within a role (e.g. in a subtype field).
can you check the trace analysis and see where the check fails?
02-12-2009 11:08 AM
02-23-2009 11:06 AM
Hi,
I have successfully done this. It will not includes any development.I have executed one SAP standard report which needs develpment access from SMP. Applied the same and it works.
Thanks for your help in this regard.
Regards,
Praveen Merugu
03-03-2009 11:31 AM
Hi,
This is to to update you, the restiction on personal sub area level is not working.
Which requires the users should have the authorisations of SAP_ALL.
Then only the restriction is working. I think i have not get complete result on this.
Please any one faced the related issue before, give me a suggestion.
Thanks in Advance.
Regards,
Praveen Merugu
05-13-2009 3:56 PM
Hi,
Can you please paste the output of ST01 trace when you tried to perform with out sap_all and with sap_all.
Regards,
Gowrinadh
05-14-2009 4:23 AM
hi
this is new requirement as they want to restrict the users at personal sub area.so they are asking me whether we can restrict at personal sub area or not??
thank you
regards
suresh kumar
03-03-2009 11:41 AM
I am unable to restrice the users in personal sub area level.
Please help me on this.
05-13-2009 1:05 PM
hi praveen,
Did you find any solution for this restricting the users at personal sub area level?because I am facing the same issue now.If you find any solution please let me know.
thank you
regards
suresh kumar