10-11-2007 9:46 PM
All
I was trying to move my HR role from Dev to QA.
I got the error message from transport and not sure about it.
Please let me know if you have any suggestions.
Invalid organizational level $ORGEH deleted from role Z_ALL_MODULES_EXCEPT_BASIS_HR
Invalid organizational level $ORGUNIT deleted from role Z_ALL_MODULES_EXCEPT_BASIS_HR
Errors occurred during post-handling
PRGN_AFTER_IMP_ACTGROUP_ACGR for ACGR L
PRGN_AFTER_IMP_ACTGROUP_ACGR belongs to package S_PROFGEN
The errors affect the following components:
BC-SEC-USR-PFC (Authorization and Role Management)
Post-import method PRGN_AFTER_IMP_ACTGROUP_ACGR completed for ACGR L, date and time: 20071011162942
10-11-2007 10:41 PM
It looks like someone created that field as an org. level field in dev and it hasn't been created yet in the QA system.
If this should be an organizational field (to be used in derived roles), then execute program PFCG_ORG_FIELD_CREATE to create it as an org field in QA and then re-transport: NOTE - any other affected roles by the org field creation would need to be re-transported from dev to QA after the program is run; otherwise the roles will have unmaintained values. You can run the program in test mode to see which roles would be affected.
Message was edited by:
Julie Nguyen
10-12-2007 1:05 AM
Where would find the Org level fields ?
Any suggestions.
Some of the values in S_TCODE were modified in Dev system
before I transported to QA. The role was already there in QA also.
From,
Pranav Thaker
8457
10-12-2007 7:02 AM
Hi,
To find Organization levels:
Go to PFCG->enter the role name>Go to Authorization tab>display Authorization Data--->In the screen click the Organisational level button or press Ctrl+F8.
Here look for an entry $ORGEH $ORGUNIT . If it is there, Remove the entry, create a transport req and retransport.
Regarding your problem:
Pl refer Note 1014969 - Role import: Terminations due to type 'E' messages.
Note 923468 - Runtime problems when importing roles.
Pl award suitably if resolved.
Regards
10-12-2007 7:59 AM
Pranav,
You can see a list of all org levels in table USORG
There are standard SAP programs for adding or deleting org levels
PFCG_ORGFIELD_CREATE
PFCG_ORGFIELD_DELETE
If you want these fields to be maintained as org levels then you need to make sure that you have created them in all system.
If you don't want these fields as org levels then you can delete them using the program I listed above.
10-12-2007 8:12 AM
Hi,
For the roles you defined, you see the org fields and value in table agr_1252.
Have fun.
Jan van Roest
10-13-2007 3:49 AM
I just checked the USORG table in QA and those two Org Fields are missing
How can I create them ?
Should run the report SAP_ORGFIELD_CREATE or mannually adding
entry in USORG table.
What is the best practice ?
Thanks,
From,
PT.
10-13-2007 6:50 PM
Use PFCG_ORGFIELD_CREATE
You can do it manually but you have to amend more than just USORG from memory.
You can run PFCG_ORGFIELD_CREATE in test mode first to make sure you are happy with everything.
10-15-2007 8:41 AM
Hi Pranav,
Instead of creating you can transport the USORG table from SM30 so once its moves to QUA it overwrites the USORG table
hope this helps
thanks,
kishore
10-15-2007 9:34 AM
Kishore,
Maintaining USORG is not enough to create an org level properly.
Look in the code for PFCG_ORGFIELD_CREATE to see what else is updated.
As per SAP's advice in note 323817
<i>"The settings for organizational levels can also be modified with transactions SUPO and SUPO_PREPARE or by maintaining tables USORG and USVAR.These functions are obsolete and may not be used since the result would be incomplete. Instead use the aforementioned reports."</i>
10-15-2007 8:07 PM
ok Thanks,
How can verify it if everything is ok.
Just adding the entry in USORG table by running PFCG_ORGFIELD_CREATE
and transporting Change request again ?
Anythingelse, should I check ?
Thanks all for your help.
From,
PT.
_____________________________________________________
10-15-2007 9:24 PM
You should be able to transport it again, but when you execute the program in the QA system, take a look at the roles that are affected (specifically any Z ones) and make sure they are properly maintained in dev and include these in the transport - otherwise if these roles are assigned in QA, the users will have some authorization issues.