11-28-2007 4:47 PM
Our roles are currently set up to limit users by Personnel Areas so that they may not access other company codes. On occasions users are able to access employees in company codes that were not assigned to them. Does anyone know of a glitch that exists or why this may be happening.
11-29-2007 8:54 AM
in fact there are several notes on authorization problems concerning PA30 and several other reports in that are. search service.sap.com/notes with keywords 'PA30' and 'authorization'. a few examples here:
814627
138533
138526
11-29-2007 8:54 AM
in fact there are several notes on authorization problems concerning PA30 and several other reports in that are. search service.sap.com/notes with keywords 'PA30' and 'authorization'. a few examples here:
814627
138533
138526
11-29-2007 10:54 AM
Hello,
The Tcode PA30 checks the following auth objects and auth fields:
PLOG
PLVAR Plan Version
OTYPE Object Type
INFOTYP Infotype
SUBTYP Subtype
ISTAT Planning Stat
PPFCODE Function Code
P_ORGIN
INFTY Infotype
SUBTY Subtype
AUTHC Authorization leve
PERSA Personnel Area
PERSG Employee Group
PERSK Employee Subgroup
VDSK1 Organizational Key
P_PCLX
RELID Area identifier for cluster in
AUTHC Authorization level
P_PERNR
AUTHC Authorization level
PSIGN Interpretation of assigned personnel n
INFTY Infotype
SUBTY Subtype
It does not check for Company code directly. Maybe in your configuration you have defined different Personal Area for different Company Codes. If that is the case then you could probably restrict it by defining the PERSA for different roles. And if still you get problem, assign the role to another user and ask him to perform the required jobs while put this user under Authorization trace via Tcode ST01. Report of the above trace will give you a list of authorization objects and value hit for doing the same from where you can make out what objects or fields or values to modify.
Hope this helps.
Pl award suitably.
Regards