Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

HR auths - P_PERNR

Former Member
0 Kudos

Hi Authorisations people,

I have a quick question about the P_PERNR authorisation object: If a role has both P_PERNR and P_ORGIN, how does it behave for someone's own data if there is no applicable entry in P_PERNR? Does it take the P_ORGIN permissions or does it just disallow the operation? I guess the question is, if P_PERNR exists, does SAP then ignore P_ORGIN for own personnel number accesses?

Hope u understand the question, thanks in advance for any answers.

/ Richard

1 ACCEPTED SOLUTION

Former Member
0 Kudos

For the fields were P_Orgin has no value it will look for a value in P_Pernr. So one should leave the cooresponding fields in P_ORGIN open to make P_PERNR work

4 REPLIES 4

Former Member
0 Kudos

For the fields were P_Orgin has no value it will look for a value in P_Pernr. So one should leave the cooresponding fields in P_ORGIN open to make P_PERNR work

0 Kudos

Hi,

Thanks for the reply, but I meant the other way around... For example:

- I have R access for * infotypes in P_ORGIN,

- there is no entry for IT0008 in P_PERNR,

will I have R access to my own IT0008 record or no access?

Thanks in advance for help,

/ Richard

0 Kudos

Info type and activity access should be in both objects

manohar_kappala2
Contributor
0 Kudos

Hi,

First of all lets take

P_ORGIN what it does--- gives access to a set of people's data (to read change etc).

Now in this there are two scenarios

1 you are a part of this set:

So when you are trying to manipulate your data

the P_PERNR takes precedence over P_ORGIN so if in

P_PERNR you have Exclude value (E) (value for PSIGN in P_PERNR) set for set of infotypes for which you have access to from P_ORGIN then you will not be able to go to your data even if P_ORGIN allows you to.

2 you are not a part of this set of people (to which P_ORGIN gives you access) you have access to then

again it checks for P_PERNR for access regarding what access you have got for ur own data.

and gives access to the Infotypes for which you have Include (I) set for PSIGN field in P_PERNR.

Now this P_PERNR works iff,

1.OOAC switches are activated

2. You have the 0105 infotype for the System ID maintained.

otherwise the P_PERNR has no controlling effect whatso ever.

Hope this helps..

Manohar