07-27-2009 3:53 PM
Friends,
I assgined he PD profile to postion (4000161) by following below steps.
1. PO 13 updated the position 4000161 with PD profile ZHRPD and saved it.
2. SA38 ->.> executed RHPROFL0 for 4000161 position by selecting check box "Generating Auth Profiles for PD authorization"
3. T77UA did get populated with ZTRAIN70 ID for new user
Tested the profile assignement, it is working fine for OU.
However, I am not sure how can I revoke this by running the RHPROFL0 report.
I ran the report RHPROFL0 again by selecting Delete Mannually maitained Auth profiles and selecting
PD authorization checkbox only BUT it did not remove or revoke anything for ZTRAIN70 user and his position 4000161
Can someone please guide me how can I revoke or unassign the PD profile for this user?
Thanks,
From
Pranav
07-27-2009 7:23 PM
Hi Pranav,
If you manually maintain a T77UA entry for a user via OOSB, and if you want to delete that entry and only maintain the PD assignment through Position (or ORG, if maintained), then you should check the PD profile under 'Delete Manually Maintained Authorization'. This option only works when the PD profile is also checked under "generate authorization profiles'.
Hope this clarifies
Abhishek
07-27-2009 5:45 PM
07-27-2009 5:59 PM
Hi Pranav,
Remove the PD profile from the position and run RHPROFL0 for the position with only 'generate authorization profiles' with PD authorizations checked. This will remove the PD profile from T77UA
Thanks
Abhishek
07-27-2009 6:03 PM
Hi Abhishek
Do I need to check anything for Delete Manually Maintained Authorization?
Please let me know.
From
Pranav
07-27-2009 7:23 PM
Hi Pranav,
If you manually maintain a T77UA entry for a user via OOSB, and if you want to delete that entry and only maintain the PD assignment through Position (or ORG, if maintained), then you should check the PD profile under 'Delete Manually Maintained Authorization'. This option only works when the PD profile is also checked under "generate authorization profiles'.
Hope this clarifies
Abhishek
07-27-2009 8:03 PM
Thanks, as per log it did work. Now ZTRAIN70 does not exists in T77UA.
Just a quick check-
We are trying to implment the Structural Auth for Performance Manangment module ( PM)ONLY.
As per SAP Document, it is only requesting to add ZHRPD ( PD profile) to P_HAP_DOC auth object in the Role and
have User Added to T77UA table.
My question is -
Do I have to attach PD profile for Position in PO13? Can I just add user directly to the table T77UA mannually?
Woud that work? We are position based security but the document does not mention any thing about it.
Pleaes advise.
Thanks again.
From,
Pranav
07-27-2009 8:38 PM
Technically, an entry in T77UA would do the trick, be it coming from Position or be it a manual entry in the table. I think T77UA is a table which allows update when the client setting is set to production. So, access to OOSB should suffice.
Assigning at the position helps the overhead of PD profile maintenance on a position change for any user, as they will inherit the role and PD profile through RHPROFL0. Manually maintaining it will just need an extra step.
Likewise, if you get users who are not part of the ORG and need a PD profile, a manual entry might be needed in such cases
Just remember, no entry in T77UA defaults a users PD profile to user SAP*
Cheers
Abhishek
07-27-2009 9:16 PM
> Just remember, no entry in T77UA defaults a users PD profile to user SAP*
To tweak the comment a bit: it defaults to the PD profile of SAP* if none is found for the employee themselves, which might also include contractors maintained in HCM.... SAP* does not have to have * type structural authorization access. It only means that if you activate it and don't maintain any PD profiles, you are not impacted.
It is a little bit like like SAP* & SAP_ALL in the normal authorization concept - you can modify the authorizations behind the profile as well if you want to, or disable the user completely.
Cheers,
Julius