03-26-2010 4:24 PM
Hi all,
We have a requirement to restrict payroll admin to run payroll only for a specific pay scale group. I've created custom auth.object (since I didn't find auth.object for payscale group) and assign to the user, but how do we make this work without changing on standard HR program (i.e. tcode PA30) ?
Or is there any other to apply the restriction to payscale group ?
Really appreciate ny useful feedback.
03-28-2010 5:57 AM
PS group is part of IT 0008 and 1005 (as much as remember). There is no standard object available and so you have found the right approach i.e. creation of Custom authorization Object for this. There are some dependencies on using custom auth. obj. in HR. Try to follow the below steps:
1. Use Tcode PM01 to define the fields of Pay Scale (PS Group, Level, Band etc.) in IT 0001. Without defining any field in IT 0001, you won't be able to use them in HR authorization check. Please search help.sap.com with PM01 to get the details of doing this.
2. In this tcode, you can make these fields available to view in 0001 IT also so that while searching data for users, you will be able to see this specific data in PA30.
3. After defining the fields in 0001 IT, you need to create the Custom authorization object by using SU21 and ass these fields along with the mandatory fields.
4. Start report RPUACG00 and follow the steps to generate the code for this object.
5. set the authorization switch for Custom Authorization in HR to 1. i.e. NNNNN = 1
6. Assign the new authorization object to set of TCodes for which you want to segregate values in Profile Generator.
Hope this helps else let me know.
Regards,
Dipanjan
P.S.: In some of the above steps, you will need Developer access key.
03-28-2010 5:57 AM
PS group is part of IT 0008 and 1005 (as much as remember). There is no standard object available and so you have found the right approach i.e. creation of Custom authorization Object for this. There are some dependencies on using custom auth. obj. in HR. Try to follow the below steps:
1. Use Tcode PM01 to define the fields of Pay Scale (PS Group, Level, Band etc.) in IT 0001. Without defining any field in IT 0001, you won't be able to use them in HR authorization check. Please search help.sap.com with PM01 to get the details of doing this.
2. In this tcode, you can make these fields available to view in 0001 IT also so that while searching data for users, you will be able to see this specific data in PA30.
3. After defining the fields in 0001 IT, you need to create the Custom authorization object by using SU21 and ass these fields along with the mandatory fields.
4. Start report RPUACG00 and follow the steps to generate the code for this object.
5. set the authorization switch for Custom Authorization in HR to 1. i.e. NNNNN = 1
6. Assign the new authorization object to set of TCodes for which you want to segregate values in Profile Generator.
Hope this helps else let me know.
Regards,
Dipanjan
P.S.: In some of the above steps, you will need Developer access key.
03-28-2010 8:41 AM
Thanks Dipanjan,
So the PM01 is the key here. I've tried to execute RPUACG00 but keeps getting error saying the field TRFGR is not . So it have to be available in infotype P0001view.
I'll try your suggestion, will inform you asap once it works...
03-29-2010 5:57 AM
Hi Di,
After I generate program RPUACG00: now all standard HR tcode PA20, PA30 error and I seeing an error code in include program:
There is missing statement before the first and...how could this happen?
if
and p_infty = infty
and p_authc = authc
.
Please help....thanks
03-29-2010 10:58 AM
After you generate the code by executing the report make sure to add this new custom Auth. Object to all the roles where ever these Infotypes and their maintenance can happen. Otherwise you will get error for missing authorization. Please search in help.sap.com for Custom Authorization Objects in HR.
Let me know for any more confusion.
Regards,
Dipanjan
03-29-2010 12:34 PM
Thanks Dipanjan,
But actually the error I got is not missing authorization problem. The authorization works fine as expected.
Anyway, the PA30 and other standard tcodes can be run without shortdump at startup now, but it happens when user display IT0001 data...
have you ever experience the same issue?
03-29-2010 12:37 PM
I was explaining the same as you got. You need to assign the Custom object to the roles and add IT 0001 in through that object to the role and eventually users will get access to it. Hope this helps.
Regards,
Dipanjan