07-08-2010 8:45 PM
Friends
I am trying to restrict my Roles to PA 1000.
I confirm that all the P_ORGINCON value has PA value assigned to 1000.
However, I have noticed some of the Roles that are used by other users in other PA, has Org Assignment value left
empty but has specific PA value ( 1020 example) in P_ORGINCON.auth object.
Does the Org assigment vaule " " (empty) for PA overrides the specific value for P_ORGINCON in the Role? Please advise.
Thanks,
PT.
07-08-2010 9:07 PM
HR did not always use the DUMMY construct as it was intended.
Depending on which release you are on it will work differently, but generally you can assume that the checks will be fullfilled with a ' ' value in the authorizations.
Of course you can test it and then let us know how it works on your release...
Cheers,
Julius
07-08-2010 9:07 PM
HR did not always use the DUMMY construct as it was intended.
Depending on which release you are on it will work differently, but generally you can assume that the checks will be fullfilled with a ' ' value in the authorizations.
Of course you can test it and then let us know how it works on your release...
Cheers,
Julius
07-08-2010 9:08 PM
07-08-2010 9:22 PM
Hi you have extended context sensitive object:
I doubt if the personnel area in HR appears as an organization level.
when you are using P_ORGINCON the necessary switch should be on at the system level
pay attention to maintain the PA same in P_ORGXX, P_ORGXXCON
P_pernr & P_orgin.
Also check to see if the role can be generated if the Organization level is not maintained, that the authorization tab for such roles will be yellow.
I would also agree with Julius instruction.
From what I understand this is an authorization object and PA should
be maintained appropriately
let me if I have understood your question correctly, I am thinking PA- is personnel Area in your case...!
07-09-2010 2:14 AM
Hi Pranav,
However, I have noticed some of the Roles that are used by other users in other PA, has Org Assignment value left
empty but has specific PA value ( 1020 example) in P_ORGINCON.auth object.
Does the Org assigment vaule " " (empty) for PA overrides the specific value for P_ORGINCON in the Role? Please advise.
You are talking about organizational key (VSDK1),then it should either get filled from org assignment infotype(0001) or you need to enter manually.
We can assume at org assignment infotype(0001),the value is mentioned as " " .
go thru the link : http://help.sap.com/saphelp_470/helpdata/en/17/4bba3b3bf00152e10000000a114084/content.htm
Thanks,
Sri
07-09-2010 2:56 AM
Sri,
I was referring to Org Assignment value for PA (PERSONAL AREA) having empty in role Vs manually entered value in P_ORGINCON Auth. Object.
VDSK1 is not the issue.
Pranav
_________________
07-09-2010 4:48 AM
Pranav,
However, I have noticed some of the Roles that are used by other users in other PA, has Org Assignment value left
empty but has specific PA value ( 1020 example) in P_ORGINCON.auth object.
Does the Org assigment vaule " " (empty) for PA overrides the specific value for P_ORGINCON in the Role? Please advise.
If NULL / DUMMY is present then it will not override, but NULL can give access to empty fields (from functional side).
Disavantage with maual : Let say you have three objects for PA in a role
A , B , C objects
PA PA PA Org assignments
You entered
manually in A (even for B & C you need to enter manually, it will not pull values automatically).
Thanks,
Sri
07-10-2010 10:29 PM
Sri,
Thanks for your response.
Here is the trace logs.
Below are the successful checks which should not be the case.
17:15:51:489 AUTH - - - P_ORGINCON RC=0 INFTY=0001;SUBTY=' ';AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;PROFL= ;
17:15:51:490 AUTH - - - P_ORGINCON RC=0 INFTY=0001;SUBTY=' ';AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;PROFL= ;
I checked All the roles and profiles for the P_ORGINCON in SU56 and RHUSERRELATIONS.
There is no where I see vaule empty defined for other fields of P_ORGINCON fior infotype 0001.
Any thing, I should check from your experience? Please advise.
Thanks
Pranav
07-11-2010 3:25 PM
Guys,
I refer to the link as well and not able to find any answer as well.
Thanks,
pranav
07-11-2010 11:41 PM
Pranav,
Previously you have mentioned that you have some roles with empty and some roles with value. will that override. experts have given you answers.
Now you hvae comeing up saying , I dont find empty values.
AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;PROFL= ;
17:15:51:490 AUTH - - - P_ORGINCON RC=0 INFTY=0001;SUBTY=' ';AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;PROFL= ;
I guess these values are getting pulled from Org assignment infotype 0001.
If this not the answer you looking for,then reframe your question.
Thanks,
Sri
07-12-2010 12:00 AM
Hi Sri,
I tried puttig the values in Org assigment for PA 1000 , Org key 2000 and Plan version 01 in ALL the roles also but still I am getting the Trace for empty values and Report does give me the results for PA 1020 Org key 3000 and other Personall Areas.
Please let me know if you still need explaination.
If you have an email, please let me know, I will send you the Role in attachment.
Pranav Thaker.
______________________________________________
07-12-2010 1:21 AM
Pranav,
what did you mention in PROFL?
I guess there is no DATA present for org assignment.
2. Internally we dont know how auth check taking place.
Thanks,
Sri
07-13-2010 7:15 PM
07-14-2010 12:30 AM
Hi Sri,
One thing I noticed.
The customized report zpatc_cost_hire report is checking for the SAPDBPNP report and COAR -=2 Value.
The profile that has this Customized T code ( zpatc_cost_hire) has, P_ABAP Auth object with SAPDBPNP report with COARS=2 value.
Do you think this might be the issue?
Pranav
07-14-2010 12:49 AM
Hi Pranva,
First of all you check,whether data exist for PA 1020 Org key 3000 . Since trace report shows ; for remaining fields.
2. Talk to your HR developer,is that the cause for error.?
Thanks,
Sri