Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

PA40 - no delete

Former Member
0 Kudos

How do i grant aceess to PA40, but no access to delete any actions?

6 REPLIES 6

Former Member
0 Kudos

Hi Vaishali,

Below are the authorization object through which you can restrict the access of this tcode:

PLOG

P_ORGIN

P_PCLX

P_PERNR

Check for the field" AUTHC" on above objects and restrict them accordingly. Also easier way is to give full access of this tcode to a role and assign it to the testId. Now run a trace on the testID and find out which auth. objects are getting checked while you are performing deletion activity.

0 Kudos

This message was moderated.

0 Kudos

Franklin,

sorry to say this: but the OP would find it useful to know how to check the documentation on the authorization objects. rather than copying what exists in SAP,i think it would help if you guide the on the usage of SU24 (or) auth_switch_objects

0 Kudos

Hi Vaishali,

The above Tcode will provide access to different infotype, you need to verity which are the info type you need to have access, you may get info from HR consultant. The Tcode will check for standard object check P_ORGIN, you can restrict the athoirsation only to display using AUTH = M,R. You may need P_ORGXX if your system is enabled for extended auth check.

If yes above AUTH values should be added with same info type and other customizing values.

Regards

Arul

Former Member
0 Kudos

Vaish,

You can restrict on user group

u need to chk the user group....go o own data --> Parameters --> UGR

or.

Make the user unable to see list of actions in Pa40 (i.e only certain actions he need to see). if this not accomplished thru security then try to Configuration.

Thanks,

Sri

0 Kudos

Hello Vaishali ,

You can create 2 instances of Authorization objects P_ORGINCON and P_ORGXXCON

In the first instance only grant access with R, M for field AUTHC with INFTY infotype 0000 (actions) with subtype *

And in the second instance you can provide the access for all the infotypes as per your requirement.