03-19-2007 1:49 PM
Hi Authorisations people,
I have a quick question about the P_PERNR authorisation object: If a role has both P_PERNR and P_ORGIN, how does it behave for someone's own data if there is no applicable entry in P_PERNR? Does it take the P_ORGIN permissions or does it just disallow the operation? I guess the question is, if P_PERNR exists, does SAP then ignore P_ORGIN for own personnel number accesses?
Hope u understand the question, thanks in advance for any answers.
/ Richard
03-19-2007 2:06 PM
For the fields were P_Orgin has no value it will look for a value in P_Pernr. So one should leave the cooresponding fields in P_ORGIN open to make P_PERNR work
03-19-2007 2:06 PM
For the fields were P_Orgin has no value it will look for a value in P_Pernr. So one should leave the cooresponding fields in P_ORGIN open to make P_PERNR work
03-19-2007 2:13 PM
Hi,
Thanks for the reply, but I meant the other way around... For example:
- I have R access for * infotypes in P_ORGIN,
- there is no entry for IT0008 in P_PERNR,
will I have R access to my own IT0008 record or no access?
Thanks in advance for help,
/ Richard
03-19-2007 2:47 PM
03-21-2007 6:34 PM
Hi,
First of all lets take
P_ORGIN what it does--- gives access to a set of people's data (to read change etc).
Now in this there are two scenarios
1 you are a part of this set:
So when you are trying to manipulate your data
the P_PERNR takes precedence over P_ORGIN so if in
P_PERNR you have Exclude value (E) (value for PSIGN in P_PERNR) set for set of infotypes for which you have access to from P_ORGIN then you will not be able to go to your data even if P_ORGIN allows you to.
2 you are not a part of this set of people (to which P_ORGIN gives you access) you have access to then
again it checks for P_PERNR for access regarding what access you have got for ur own data.
and gives access to the Infotypes for which you have Include (I) set for PSIGN field in P_PERNR.
Now this P_PERNR works iff,
1.OOAC switches are activated
2. You have the 0105 infotype for the System ID maintained.
otherwise the P_PERNR has no controlling effect whatso ever.
Hope this helps..
Manohar