Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Auth object p_orgin field SUBTY

Go to solution
Former Member

‎10-21-2013 3:19 PM

0 Kudos

Hello All,

We have created two custom sub-types for IT 0033 - SUBTY 9000 and SUBTY 9001.

Subtype 9001 contains sensitive data that only a select few employees can see.

Hence in the Authorization profile, I have restricted access as follows:

Authorization level            A, M, P, R

Infotype                       0033

Personnel Area                 GB*

Employee Group                 *

Employee Subgroup              *

Subtype                        9000

Organizational Key             GB*

The above settings run fine, when user is trying to access data from PA20/PA30.

But when we run Ad-hoc queries containing IT 33 - all employee records with SUBTY 9000 and SUBTY 9001 records are not displayed for users with above authorization profile.

However, all employees with no SUBTY 9001 record are correctly displayed.

Is there a way of maintaining above authorization restriction and including only SUBTY 9000 records in the ad-hoc query?

Thanks for your answers in advance.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎10-22-2013 12:48 PM

0 Kudos

Hello,

With the standard infoset settings, ad hoc queries will never return a record if the user doesn't have the required authorizations for every output field. As the majority of the end users don't have access to subtype 9001, they will not be able to process personnel records of any person with that data, leaving only the employees that don't have a record for this subtype.

The good news is that this behaviour can be controlled on the infoset level by activating the corresponding switch "PROC_PERNR_PARTIAL_AUT" in the DATA section of the infoset code. Once this switch is set to "X", ad hoc query will always process all PERNR records and leave blanks where the user doesn't have authorization.


Note that this only works for PNP and PNPCE database.

Kind regards,

Brent

5 REPLIES 5

Go to solution
Former Member

‎10-22-2013 12:48 PM

0 Kudos

Hello,

With the standard infoset settings, ad hoc queries will never return a record if the user doesn't have the required authorizations for every output field. As the majority of the end users don't have access to subtype 9001, they will not be able to process personnel records of any person with that data, leaving only the employees that don't have a record for this subtype.

The good news is that this behaviour can be controlled on the infoset level by activating the corresponding switch "PROC_PERNR_PARTIAL_AUT" in the DATA section of the infoset code. Once this switch is set to "X", ad hoc query will always process all PERNR records and leave blanks where the user doesn't have authorization.


Note that this only works for PNP and PNPCE database.

Kind regards,

Brent

Go to solution
Former Member

‎11-11-2013 1:44 PM

0 Kudos

Hello Brent,

Thanks a lot for your response, and I did try out what you mentioned above in your reply, but unfortunately this does not work for me. There are no errors, but there is no change in behaviour as well - i.e. the query continues to filter out records with subtype 9001 maintained for the employee.

Go to solution
former_member74904
Contributor
In response to Former Member

‎11-21-2013 10:28 AM

0 Kudos

did you regenerate the infoset and query after you added the code in the DATA section?

*$HR$ [COMMON]
*$HR$ PROC_PERNR_PARTIAL_AUT = 'X'


Go to solution
Former Member
In response to Former Member

‎01-21-2014 9:42 AM

0 Kudos

Yes, I did regenerate the infoset. Not working yet.

Go to solution
Former Member
In response to Former Member

‎01-21-2014 9:42 AM

0 Kudos

Yes, I did regenerate the infoset. Not working yet.