- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Structural Authorization in HR Standard Reports
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Structural Authorization in HR Standard Reports
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2012 7:41 AM
Hi Experts,
Structural authorization applied works as intended in standard transactions (e.g. PA20, PA30, PP01 etc.) but it does not work in standard report (e.g. Date Monitoring). User able to extract information for employee that he/she does not authorised to.
Is this normal Structural Authorization behaviour ? Is there anything that need to be done to enable the restriction as intended ? Appreciate your help to look into this matter and advise the way forward.
Best Regards.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2012 2:49 PM
Hi,
Are the standard reports executed, are a part of logical databases like SAPDBPNP, SAPDBPAP etc? You can reach out to technical team to get an answer for that. If yes, then ensure you are not having P_ABAP auth object with COARS = 2, REPID = * or the Program being executed.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2012 9:06 AM
Hi,
I believe you should have the standard report debugged to see if there any authority check for P_ORGINCON. Since you say the report output is not being restricted by structural authorizations, so I suspect the the report has not been coded to check of the aforesaid authorization object. You can also run backend trace in ST01 to see if P_ORGINCON is being checked at all.
To enforce check on the object, you might want to explore the feasibility of implementing a BADI like HRPAD00AUTH_CHECK with the help of your developer.
Thanks
Sandipan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2012 2:49 PM
Hi,
Are the standard reports executed, are a part of logical databases like SAPDBPNP, SAPDBPAP etc? You can reach out to technical team to get an answer for that. If yes, then ensure you are not having P_ABAP auth object with COARS = 2, REPID = * or the Program being executed.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 5:27 AM
Hi Debmalya,
Thank you for highlighting, I've review P_ABAP granted to this ID. Once SAPDBPNP and COARS = 2 removed from the role. Standard report extraction works as intended but the message appeared seems misleading 'No Data Was Selected' - you'll only knows it failed Structural Authorization from SU53 screen shot.
Thank you again and best regards.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2014 6:27 AM
