Transaction CADO (program CATSSHOW) with PD author...

Former Member · ‎04-28-2009

We have PD authorizations active on system, then users are filtered on HR reports by hierarchy.

User need to see all times recorded on CADO for all employes.

User do not have autorizations fault on transaction ST01 trace.

How can i bypass PD autorizations on transaction CADO (CATSSHOW)?

Former Member · ‎04-29-2009


> How can i bypass PD autorizations on transaction CADO (CATSSHOW)?

Remove the user on the defined PD. User should not be in OOSB or table T77UA.

Former Member · ‎04-29-2009

Thanks for your reply, but we want that the user are filtered by the structures of PD in other transactions of HR. But only in transaction CADO we want that he has access to all the employees records.

Former Member · ‎04-29-2009

John,

Thats what I was thinking, removing the entry from T77UA is not a good idea as it will open other infotypes too. It will work, however, the problem is it will work for all !

João, you need a new PD profile that will capture the evaluation path of the ORGs you want, in this case all orgs. Use PD profile ALL as a template. Maintain this new PD profile in p_orgincon for the restricted timesheet infotypes. Also assign this to the user position and run profl0 for a new entry in T77UA for that user. This should give the access.

Thanks

Abhishek

Former Member · ‎04-29-2009


> Thanks for your reply, but we want that the user are filtered by the structures of PD in other transactions of HR. But only in transaction CADO we want that he has access to all the employees records.

You just can't please everybody


> John,
> Thats what I was thinking, removing the entry from T77UA is not a good idea as it will open other infotypes too. It will work, however, the problem is it will work for all ! 
> 
> João, you need a new PD profile that will capture the evaluation path of the ORGs you want, in this case all orgs. Use PD profile ALL as a template. Maintain this new PD profile in p_orgincon for the restricted timesheet infotypes. Also assign this to the user position and run profl0 for a new entry in T77UA for that user. This should give the access.
> 
> Thanks
> Abhishek

I agree with Abhishek, give this a shot. I was just being to literal on your initial questions.

Former Member · ‎05-04-2009

There are possibility of use authorization object P_ABAP, using field COARS = 2, to the degree of simplication for the authorization check in HR Reporting on CADO transaction? In positive case, how can i configure this, and where?

If this works was the best to open PD filter only in CADO transaction.

Former Member · ‎05-04-2009

If deleting an entry from T77UA is a risk of opening other infotypes for that user, then this method of P_ABAP is a risk of opening the report for the entire role. Are you sure you really want to do something like this (if you can) to a timesheet report?

What is the harm in creating a PD profile? You can very well control the PD profile to the user level. Making it even more secure, even if the role has access to the PD profile, without an entry in T77UA the user wont be able to access anything outside.

Former Member · ‎07-07-2010

We had the same requirement. I used CATS_DA with the BADI enhancement point. See SAP sample Classic BAdI CATS_REPORTING_IMP01. I copied RCATS_DISPLAY_ACTIVITIES to ZRCATS_DISPLAY_nnnnn (program title must contain RCATS_DISPLAY for the BADI to be executed). In the interface IF_EX_CATS_REPORTING~AUTH_CHECK_CATS_CLASSIC I added an authorization check for P_ABAP using my custom program name. Worked great.

Transaction CADO (program CATSSHOW) with PD authorizations