PA20 Header Data Not Displaying

former_member676613 · ‎01-05-2012

Hello All,

Please help i have a user(A) who is able to view header data for few Pernr's(X) in PA20 and not able to view for other pernr's(Y) header data, i have checked that for the pernr's(X) whose data is getting displayed that they have Role assigned to their user ids and for the other perns(Y) for which header data is not getting displayed do not have roles assigned to the user ids.

I have checked that User A has the Structural Auth assigned to it.

Please suggest necessary action.

Thanks in Advance.

Thanks,

CB

Former Member · ‎01-06-2012

Hi,

It is irrelevant to check whether Pernr X and Y have role assigned or not. The issue here is why User A is unable to view Pernr Header for Pernr Y and is able to view header for PernrX.

Please carry out the following steps:

1. Ensure that Pernr Y falls within the purview of User A's structural auth. The most reliable way to check this is by ensuring first that User A exists in Table T77UA and desired structural auth is assigned to the user in that table.

2. Please run job RHBAUS02 for the user id and subsequently RHBAUS01. Then execute RHBAUS00 for the user ID.

3. Double click on the output of RHBAUS00, you will find the list of Objects for which the user has access to, based on the structural.

4. Check whether Pernr Y is listed there or not. If yes, then the user should have access to this Pernr (based on the relevant infotype access) else not.

By doing this exercise you will rule out the Structural Auth failure. Please lte me know how it comes up and I can guide you with further steps.

Thanks,

Deb

former_member676613 · ‎01-07-2012

Hello Deb,

Thanks for your help, I did waht you mentioned, but then to no good results. Can you please suggest any other steps?

Thanks,

CB

Former Member · ‎01-08-2012

Hi,

So you mean to say, Pernr Y is appearing in the list of Objects for which User A has access to based on the structurals and therefore there is no issue with the structural auth?

Then I would like to know based on what PA restriction is the security designed for User A. Please can you provide the values present in P_ORGINCON and P_ORGXXCON for the roles assigned to User? Is there any restriction designed based on Administrator Area?

Also did you trace for authorization while accessing Pernr Y and did you find any auth error?

Thanks,

Deb

Edited by: Debmalya Majumdar on Jan 8, 2012 1:57 PM

former_member676613 · ‎01-08-2012

Hello Deb,

When User (A) tries to see the details of User (Y) but User A failed to see, the i run the SU53 to find the missing Auth, the i added the missing Auth in P_PERNR. After that then also the user (A) is not able to see the details of User Y, then again i run SU53 added all the missing Auth,with thsi to and fro activities i added all the missing Auth. After that User A tries to see details of User Y then to no good results, then again i run SU53 and found no missing Auth.

Then i run Trcae and found no mising Auth.

And per your Questions about P_ORGINCON, i already have Update facility for ITs in role assigned.

Best Regards,

CB

Former Member · ‎01-08-2012

Hi,

SU53 is never a reliable source while dealing with HR Security that's why i didn't ask you for SU53 results. What you see in Su53 is dummy auth failure and is not related to the actual issue.

Please do the following things:

OPTION1. Assign SAP_ALL to the user and try. Please do not remove any structural profile assigned to the user. If it still fails then the issue is with structural authorization. If not then issue with role based authorization.

OPTION2. Assign ALL PD Profile to the user and do not assign any additional role based authorization. If it works then the issue is with Structural authorization else with the role based authorization.

If both of the above Option fails and given that you said there is no error shown in the trace, then there is no issue with authorizations or in the security design.

P.S. Check for accurateness of data is very important in HR. Please get the two Pernrs compared and verified by the functional team.

Thannks,

Deb

former_member676613 · ‎01-09-2012

Hello Deb,

Now i am seeing that for the position for which i was trying to run the jobs is been changed to default position "99999999".

Can you please suggest what this happened?

Best Regards,

CB

Former Member · ‎01-09-2012

Hi,

Are you trying to run RHPROFL0 for the position of User A and you see that User has now been assigned to Default position 9999999?

Or, Is it that Pernr Y is now having position 9999999?

Whatever it may be in both the above cases the issue will persist. 9999999 is a default position which is assigned to a Pernr either during hiring when a valid position is not available yet for the employee in the system or when an employee is terminated.

Please request functional team to assign to a valid position and ensure that the position and Pernr both appears in the output of RHBAUS00 job that I mentioned before.

You can also check that User A will be able to see Pernr Y when you assign ALL PD Profile to the user and a role which has PROFL field = * under P_ORGINCON

Thanks,

Deb

former_member676613 · ‎01-19-2012

Hello Deb,

The functional team has assigned the position to pernr, and after that i ran report RHBAUS00, evrything looks perfect.

Thanks for your help.

Best Regards,

CB

Former Member · ‎01-06-2012

This message was moderated.