12-16-2009 11:28 AM
For implementing "Context Autorization" the following steps are done:
Requirements:
Not via transction OOSB but via the autorization roles, object code P_ORGINCON, field = PROFL, So table T77UA and T77PR is not neccessary, only Filling table T77UU
ECC/HCM 5.0
1. BADI HRBAS00_GET_PROFL is changed with last statement OUTFLAG = "X", so now via P_ORGINCON
2. 0HR_PA_2 / 3 are activited
3. running RHBAUS02 the T77UU table is filled with users who has the P_ORGINCON object
for example:
user
00000103
00000104
00000105
4. running RHBAUS00 (Into the INDX database)
for example:
user Objects
00000103 152
00000104 4
00000105 17
5. Extracting the INDX database with RSA3, all the users has the profile "ALL" and NOT the profiles in the INDX datbase
for example:
three records are extraxted with the following values:
caldate usersname from date to date profile
16122009 00000103 01.01.1900 31.12.9999 ALL
16122009 00000104 01.01.1900 31.12.9999 ALL
16122009 00000105 01.01.1900 31.12.9999 ALL
These profiles are not the good one, because for the users above the profiles are for P_ORGINCON
00000103 --> ZHRCONSULTANT and ZHRMANAGER
00000104 --> ZHRREGIOZUID
00000105 --> ZHRREGIONOORD, ZSECRETARESSE
Please can anyone explain this ? and what I'M doing wrong.
SAP issue ?
I'm looking forward.
Joop Jongen.
SAP Security Consultant
Edited by: Joop Jongen on Dec 16, 2009 12:46 PM
Edited by: Joop Jongen on Dec 16, 2009 12:47 PM
12-18-2009 3:55 AM