Restrict Users at Personal Sub Area level

Former Member · ‎02-11-2009

Hi Experts,

I am facing problem in restricting the users to access personal sub area Auth in a Tx: PA40.

I had created a new aurth object with u201Cauth fieldsu201D containg the Personal Sub Area filed.

And added the Auth object to Tx : PA40.

But it is not checking the Auth Oject at all. I am not sure if some Authority-check needs to be coded.

Details of the Requirement:

I have already restricted them at personal area level. I need to restrict the users in the Personal Sub Area level.

Requirement :

For eg. only users whos are assigned to 1100 personal area and 1101 pesonal sub area, should be able to create/change the 1101 personal sub area level employees only they should not be able to access to create/change the other personal sub area level 1102,1103 of employees.

Personal Area Personal Sub Area

1100 -

> 1101 (Access)

1100 1102 (Restrict)

1100 1103 (Restrict)

Difficulty:

Non of the auth objects provided by SAP in su24 contain the HR Personal Sub Area as field.

Please give me your suggestion to overcome this.

Thanks & Regards,

Praveen Merugu

Former Member · ‎02-11-2009

Hi Praveen,

If you want to that authorization object of personal sub area level should be checked while executing tcode PA40 , then you need to maintain authority check statements in code of PA40 with the help of abaper.

Also make check/maintain in Su24 .

Regards,

Sneha

Former Member · ‎02-11-2009

Hi Sneha,

I need the authorization restrict level while executing the Tx: PA40 or performing any other personal sub area level activities.In any case i require the same.

I have already created a 'Z' authorizatoin object on BTRTL level and assigned the same to PA40. But still unable to block.

Checked/maintained z object in SU24.

Please do advice in brief.

Thanks in Advance.

Regards,

Praveen Merugu

Former Member · ‎02-11-2009

Hi Praveen,

Have u updated authority check statments in code for z- authorization object??

Regards,

Sneha

Former Member · ‎02-11-2009

Hi Sneha,

Yes, i have updated the check statement. Please find below message in SU24.

Maintained ZHR_PSA HR Personal Sub Area Check YS

Regards,

Praveen Merugu

former_member74904 · ‎02-11-2009

hi praveen,

just to be sure, have you activated the AUTSW-NNNNN in T77S0?

//dimitri

Former Member · ‎02-11-2009

Hi Praveen,

Hope you have updated authority check statment in abap code with help of abaper.

For e.g.

authority-check object 'S_ADMI_FCD'

id 'S_ADMI_FCD' field 'NADM'.

Regards,

Sneha

Former Member · ‎02-11-2009

Hi Dimitri,

In table T77S0 AUTSW-NNNNN is existing. Please let me know how to activate the same.

Regads,

Praveen Merugu

Former Member · ‎02-11-2009

Hi Sneha,

Yes, i have already activated the authority check.

Regards,

Praveen

former_member74904 · ‎02-11-2009

hi praveen,

if the custom object check (AUTSW-NNNNN) is not active, a 0 is displayed (by default). if you want to activate it, change it to 1.

good luck!

Former Member · ‎02-12-2009

Hi Dimitri,

Thanks for your immediate response.

I have changed the AUTSW-NNNNN value from 0 to 1. But while hiring an employee in Tx:PA40 when i am executing the same it is not going further and giving error : "No authorization to maintain Actions T1 exists ". Even in the profile i had mentioned T1 also. When i am changing the value from 1 to 0 it is not giving any error.

Please suggest as i am reaching at the nearest result.

Regards,

Praveen

former_member74904 · ‎02-12-2009

hi praveen,

I think doing an ST01 trace will get you closer to checking what actually makes the authority-check bounce.

from what I understand, you're saying that you entered the actions in your profile? actions cannot be authorized within a role (e.g. in a subtype field).

can you check the trace analysis and see where the check fails?

Former Member · ‎02-12-2009

This message was moderated.

Former Member · ‎02-23-2009

Hi,

I have successfully done this. It will not includes any development.I have executed one SAP standard report which needs develpment access from SMP. Applied the same and it works.

Thanks for your help in this regard.

Regards,

Praveen Merugu

Former Member · ‎03-03-2009

Hi,

This is to to update you, the restiction on personal sub area level is not working.

Which requires the users should have the authorisations of SAP_ALL.

Then only the restriction is working. I think i have not get complete result on this.

Please any one faced the related issue before, give me a suggestion.

Thanks in Advance.

Regards,

Praveen Merugu

Former Member · ‎05-13-2009

Hi,

Can you please paste the output of ST01 trace when you tried to perform with out sap_all and with sap_all.

Regards,

Gowrinadh

Former Member · ‎05-14-2009

hi

this is new requirement as they want to restrict the users at personal sub area.so they are asking me whether we can restrict at personal sub area or not??

thank you

regards

suresh kumar

Former Member · ‎03-03-2009

I am unable to restrice the users in personal sub area level.

Please help me on this.

Former Member · ‎05-13-2009

hi praveen,

Did you find any solution for this restricting the users at personal sub area level?because I am facing the same issue now.If you find any solution please let me know.

thank you

regards

suresh kumar