on 07-05-2007 2:18 PM
We need to secure IT0008 by subgroup but find if the IT0001 record is changed to another subgroup that is outside the scope of the role it still shows IT0008 if the IT0008 record did not change with the IT0001 record. If they are out of sync (which HR tells me is very likely) it attaches the IT0008 to the previous IT0001 entry not the current. Therefore making it visible when it shouldn't be? Any suggestions?
Hi,
The solution for this is
OOAC switch settings for
ADAYS field
HR: Tolerance Time for Authorization Check (ADAYS)
Use
The tolerance time for the authorization check specifies the length of
time, in the case of an organizational change, that the personnel
administrator has access to the data he or she created for a person if
this person already has an organizational assignment outside of his or
her authorizations.
Input values
The tolerance time for the time logic for master data infotypes is
specified in calendar days. In the standard SAP system, the value of the
switch is set to 15 (= 15 calendar days). When this switch is active,
that is, when it contains a value greater than 0, organizational changes
that result in the loss of a particular authorization take effect in
accordance with the tolerance time.
Example
ADAYS is set to 15. In the system, only checks with P_ORGIN are active.
Administrator A has read and write access to data in personnel area A
while administrator B has read and write access to data in personnel
area B. It is assumed that for all infotypes the time dependency of the
authorization check (switch T582A-VALDT) is active.
A personnel number was assigned to personnel area A until 12/31/9999. As
of 01/01/2000 this personnel number is assigned to personnel area B. The
period of responsibilty of administrator A ends on 12/31/9999 but due to
the tolerance time, he or she continues to have unrestricted read and
write access to data until 01/15/2000 (inclusive). However, as of
01/16/2000, he or she no longer has write access to data. Nevertheless,
the administrator still has read access to all data records with a start
date prior to 12/31/9999.
So if you set it to 0 then there will not be overlapping access granted and the change will take effect immediately.
Hope this helps
Manohar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
99 | |
9 | |
9 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.