03-18-2009 9:57 AM
Hi,
Apologies if this is a simple question. We are implementing structural authorisations to be used by MSS users. This is my first exposure to both HR and structural authorisations so I'm treading water a bit.
I've created a structural authorisation for MSS based on OOSP (Org Unit, Org Unit, Position, Person) using Function Module RH_GET_MANAGER_ASSIGNMENT.
This works fine in relation to restricting managers to only being able to view employees within their own org unit, but they are now unable to approve timesheets via their 'My Tasks' tab in the Portal. The message being returned is that they do not have the authorisation. However this works when structural authorisations are not present.
I have no idea how to trace or identify authorisation issues associated with structural authorisations. Any help in identifying what the problem could be would be greatly appreciated.
Thanks.
03-18-2009 10:15 AM
Hi,
Please try to trace the authorizations using the ST01 with the options RFC and Authorization check enabled for the user.
Also these are the infotypes which are related to time, please make sure that the manager has authorization for them.
0007 Planned Working Time
0050 Time Recording Info
0107 Working Time B
0315 Time Sheet Defaults
0416 Time Quota Compensation
0552 Time Specification/Employ
0597 Part Time Work During Par
2005 Overtime
2011 Time Events
2012 Time Transfer Specificati
2501 Employee Time and Labor D
3208 Time Account Status
3893 Time Account Status
Regards,
Gowrinadh
03-20-2009 12:18 AM
Hi Nick,
Believe me, nothing in Structural is simple! 😛
We are also trying to implement structural here, and its very complex. Am not yet an expert, but lets try to help each other out.
When you say this works when stuructural auth is not present, do you mean that the structural swtich is off?
When the structural switch is turned on,P_ORGIN along with P_ORGINCON is checked together (Depends on the switch settings in OOAC).
Did you also make sure that the you have also included P_ORGINCON with the same infotypes as defined in P_ORGIN? If not, this could be a starting point to get the access right. Maybe you can give access to all evaluation paths for test purposes right now ( give * in Authorization Profile in p_orgincon )
Please make sure that p_orgin has the proper access for the infotypes first. Let us know what the trace is showing. normally hr traces are not straight forward, just make sure the proper infotypes are present.
Let us know if this works..
Thanks
Abhishek
03-24-2009 2:37 PM
Hi Abhishek,
Thanks for the response. I've looked at the DFCON value in OOAC and that is currently at '1'.
We have, hopefully, resolved part of this by including activating 'Main't within our MSS structural authorisation so that this can reference table T77FC and do the approval. I still think there's some work to be done in bringing in the contextual authorisations and so will be adding P_ORGINCON to the MSS role.
Cheers,
Nick.
03-24-2009 9:00 PM
Cool
Did you also create a structural authorization with function module RH_GET_MANAGER_ASSIGNMENT for this?
Thanks
Abhishek
03-29-2009 12:07 PM
Hi Abhishek,
Yes created it with that function. We have also added in the P_ORGINCON object to the MSS role. Everything seems to be functioning properly now.
Cheers,
Nick.