Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Changing the COARS entry for SAPDBPNP in object P_ABAP

Former Member

‎08-12-2010 5:09 PM

0 Kudos

Hi All,

I have identified a problem within transaction PC00_M08_CEDT, that when users with structural authorisations assigned, are trying to view a rem statement for a user attached to a leaver position they recieve an error message stating that an authorisation is required for object P_ABAP program SAPDBPNP degree of simplification value 2.

Adding this authorisation to the role resolves the issue, but I have concerns that this change will override the structural authorisation check in all ABAP reports.

Does anyone know if this will override the structurals and if so is there an alternative method of solving the problem.

Thanks

Simon

4 REPLIES 4

Former Member

‎08-13-2010 12:41 AM

0 Kudos

Hello Simon,

putting P_ABAP in a authorisation role, in particular with SAPDBPNP and simplification 2, will open up all reports based on logical database PNP/PNPCE.

I suggest to add the leaver position (I guess that will be 99999999) as a root object to the structural profile of the user.

Also run a full trace on the user authorisation with transaction ST01 that will show if the user misses authorisations for certain infotypes. If that is the case it might be as simple as adding authorisation for these infotypes (probably in object P_ORGIN or P_ORGINCON).

Best regards

Karsten

Former Member
In response to Former Member

‎08-14-2010 1:31 AM

0 Kudos

Hi ,

I thought that you cannot have generic assignments that is "*" for REPID because it applies in particular to report "SAPDBPNP"

if you have few users only and you know the program/report names why not use object S_program or transaction SA38?

It will not affect structural authroization.

If reports have to correlate to the same authorization checks like in various HR PAXX transactions , P_ABAP object idea is not good.

Regards

Former Member

‎08-13-2010 7:17 AM

0 Kudos

Hi Simon,

Runa trace St01 so tha you can find, what is the missing authorization..?

I dont think this authorization will override the structural authorization .... iam not sure ..

Sanketh.

former_member829447
Member

‎10-13-2022 2:49 PM

0 Kudos

Hola Simón,

Se que es muy tarde y ya debes tener la respuesta. Igual te la dejo por acá. Cuando trabajas con el objeto P_ABAP te propone dos opciones en el primer campo COARS, en el puedes indicar la opción 1, la cual va a respetar los valores de los infotipos que definiste en el P_ORGIN. Si usas la opción 2, este ignora los filtros de los infotipos que asignaste en el P_ORGIN, y esto hace que el reporte de HR traiga los datos que NO se debe mostrar.

Si haces la combinación en COARS la opción 1, y en el campo abajo REPID colocas el nombre del reporte en este caso la SAPDBPNP o el nombre del programa del reporte SAPDBPNP, este te va a respetar el filtro de la P_ORGIN y no te permitirá ver información de un Rol Privado. Solo podrá ver lo que definiste en la P_ORGIN con los diferenes campos. Si colocas la opción COARS 2 y en REPID SAPDBPNP te va a mostrar toda la información de los empleados en los reportes de HR sin respetar el filtro de la P_ORGIN.

También puedes repetir el objeto de autorización P_ABAP para segmentar y hacer diferentes lógicas.

Recueda que toda esta lógica va a cambiar de acuerdo a las necesidades del negocio o el cliente donde estas implementando.

Espero haberte ayudado. Saludos