For implementing "Context Autorization" the following steps are done:

Requirements:

Not via transction OOSB but via the autorization roles, object code P_ORGINCON, field = PROFL, So table T77UA and T77PR is not neccessary, only Filling table T77UU

ECC/HCM 5.0

1. BADI HRBAS00_GET_PROFL is changed with last statement OUTFLAG = "X", so now via P_ORGINCON

2. 0HR_PA_2 / 3 are activited

3. running RHBAUS02 the T77UU table is filled with users who has the P_ORGINCON object

for example:

user

00000103

00000104

00000105

4. running RHBAUS00 (Into the INDX database)

for example:

user Objects

00000103 152

00000104 4

00000105 17

5. Extracting the INDX database with RSA3, all the users has the profile "ALL" and NOT the profiles in the INDX datbase

for example:

three records are extraxted with the following values:

caldate usersname from date to date profile

16122009 00000103 01.01.1900 31.12.9999 ALL

16122009 00000104 01.01.1900 31.12.9999 ALL

16122009 00000105 01.01.1900 31.12.9999 ALL

These profiles are not the good one, because for the users above the profiles are for P_ORGINCON

00000103 --> ZHRCONSULTANT and ZHRMANAGER

00000104 --> ZHRREGIOZUID

00000105 --> ZHRREGIONOORD, ZSECRETARESSE

Please can anyone explain this ? and what I'M doing wrong.

SAP issue ?

I'm looking forward.

Joop Jongen.

SAP Security Consultant

Edited by: Joop Jongen on Dec 16, 2009 12:46 PM

Edited by: Joop Jongen on Dec 16, 2009 12:47 PM