Solved: ESS role

Former Member · ‎06-08-2009

Hi,

I have functional spec to create ESS role and it says infotypes, how would i know under which auth obj i have to input these infotypes as field values because tcodes are not mentioned in the spec.

thx,

Lisa pl

Former Member · ‎06-09-2009

Hi,

Best approach would be to execute a systems trace to determine which info types are checked at runtime. Sometimes it is common sense as to what Info Types are being used... Example, an Employee is required to update their address in ESS... So they may require some write ability to infotype 0006...

Nathan

Former Member · ‎06-09-2009

Hi,

Best approach would be to execute a systems trace to determine which info types are checked at runtime. Sometimes it is common sense as to what Info Types are being used... Example, an Employee is required to update their address in ESS... So they may require some write ability to infotype 0006...

Nathan

Former Member · ‎06-09-2009

P.s The most common Auth Objects used with ESS/MSS functions are:

P_ORGIN

Occasionally PLOG

P_PERNR

Payslips may require some read ability to Payroll Clusters.

Nathan

Former Member · ‎06-09-2009

Hi Nathan,

How to execute a systems trace to determine which info types are checked at runtime.

FYI....ours is new HR ystems and yet to create roles.

Thx,

Lisa Pl

Former Member · ‎06-09-2009

Hi Lisa

Activate the trace in the system using ST01 capture all authorization objects and RFC checks. You will have to coordinate with HR functional consultant and get all the requirement. Apart from P_ORGIN,P_PERNR and PLOG there are services used so you may have to include S_SERVICE or S_ICF.You can look for SAP delivered ESS role copy the role into your namespace and modify the role as per the requirement.

thanks

santosh

Former Member · ‎06-09-2009

Hi Lisa

Activate the trace in the system using ST01 capture all authorization objects and RFC checks. You will have to coordinate with HR functional consultant and get all the requirement. Apart from P_ORGIN,P_PERNR and PLOG there are services used so you may have to include S_SERVICE or S_ICF.You can look for SAP delivered ESS role copy the role into your namespace and modify the role as per the requirement.

thanks

santosh

Santosh,

We will get S_SERVICE, S_ICF and other services from HR functional team and we need to add ths in menu by clicking on other button ? and these services added in menu in PFCg dont have link to the auth obj or infotypes we give in auth tab ( like we add tcode in menu and associated auth obj will trigger in auth tab ) ? I am clear on the auth obj added manually in auth tab and infotypes added in the fields provided by HR team and interested to know the services (who give services to us and how they are added)

Thx,

Lisa

Thx,

Lisa

Former Member · ‎06-09-2009

>


> Hi Lisa
> 
> Activate the trace in the system using ST01 capture all authorization objects and RFC checks. You will have to coordinate with HR functional consultant and get all the requirement. Apart from P_ORGIN,P_PERNR and PLOG there are services used so you may have to include S_SERVICE or S_ICF.You can look for SAP delivered ESS role copy the role into your namespace and modify the role as per the requirement.
> 
> thanks
> santosh
> 
> 
> Santosh,
> We will get S_SERVICE, S_ICF and other services from HR functional team and we need to add ths in menu by clicking on other button ? and these services added in menu in PFCg dont have link to the auth obj or infotypes we give in auth tab ( like we add tcode in menu and associated auth obj will trigger in auth tab ) ? I am clear on the auth obj added manually in auth tab and infotypes added in the fields provided by HR team and interested to know the services (who give services to us and how they are added) 
> 
> Thx,
> Lisa
> 
> Thx,
> Lisa

It will be the HR functional folks that will give you the ESS services. The security trace might display P_ORGIN, P_ORGINCON or P_ORGXXCON but you will only need P_PERNR.

Example of ESS Service to Info Types:

Address - sap.com/ess_usaddr/Per_Address_US - Info Type 006

W4 - sap.com/ess_usw4/Per_W4_US - Info Type 0210

Good luck.

Former Member · ‎06-09-2009

Lisa

For adding services you need to click on Authorization default button under Menu tab and then select the external services radio button, you will have to select the type of service like Web services/web dynpro services. What services are being used you will have to work with development/Portal team and functional and keep adding the services to the role.Trace log will also show the services used.

thanks

Santosh

Former Member · ‎06-09-2009

John and Santosh,

Got idea on the services now and coming to trace....when we do the trace on existing system we may get all the servces used in the company and the infotypes but what will be the log if we do trace on the new HR system built and ready to create the security role ?

Thx,

Lisa

Former Member · ‎06-09-2009

Note that S_SERVICE uses a "hash value" for the name. It is comparable to S_TCODE and the names themselves do not need to mean much to you...

Authorization fields have a limited length (40 characters in ABAP) and URLs are in general longer than this. So execute the service once to populate the lookup table, and then you can use the F4 in PFCG for it.

It is generally recommended to disable those which you don't use (e.g. those which are not in the hash table).

Cheers,

Julius

Former Member · ‎06-09-2009

Julius,

S_SERVICE uses the hash value ?

how to execute the service once to populate the lookup table ?

what is hash table and where will i see this.

Former Member · ‎06-09-2009

Lisa,

Do you have access to transaction SU21?

Do you have access to service.sap.com?

Do you have access to the F1 key on the keyboard?

Former Member · ‎06-11-2009

Hi Lisa.

Some reading on web services will be helpful, check this - [Web Services|http://help.sap.com/saphelp_nw04/Helpdata/EN/0d/2eac5a56d7e345853fe9c935954ff1/frameset.htm]

thanks

Santosh