Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HR access PA30

Go to solution
Former Member

‎11-28-2007 4:47 PM

0 Kudos

Our roles are currently set up to limit users by Personnel Areas so that they may not access other company codes. On occasions users are able to access employees in company codes that were not assigned to them. Does anyone know of a glitch that exists or why this may be happening.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎11-29-2007 8:54 AM

0 Kudos

in fact there are several notes on authorization problems concerning PA30 and several other reports in that are. search service.sap.com/notes with keywords 'PA30' and 'authorization'. a few examples here:

814627

138533

138526

2 REPLIES 2

Go to solution
Former Member

‎11-29-2007 8:54 AM

0 Kudos

in fact there are several notes on authorization problems concerning PA30 and several other reports in that are. search service.sap.com/notes with keywords 'PA30' and 'authorization'. a few examples here:

814627

138533

138526

Go to solution
Former Member

‎11-29-2007 10:54 AM

0 Kudos

Hello,

The Tcode PA30 checks the following auth objects and auth fields:

PLOG

PLVAR Plan Version

OTYPE Object Type

INFOTYP Infotype

SUBTYP Subtype

ISTAT Planning Stat

PPFCODE Function Code

P_ORGIN

INFTY Infotype

SUBTY Subtype

AUTHC Authorization leve

PERSA Personnel Area

PERSG Employee Group

PERSK Employee Subgroup

VDSK1 Organizational Key

P_PCLX

RELID Area identifier for cluster in

AUTHC Authorization level

P_PERNR

AUTHC Authorization level

PSIGN Interpretation of assigned personnel n

INFTY Infotype

SUBTY Subtype

It does not check for Company code directly. Maybe in your configuration you have defined different Personal Area for different Company Codes. If that is the case then you could probably restrict it by defining the PERSA for different roles. And if still you get problem, assign the role to another user and ask him to perform the required jobs while put this user under Authorization trace via Tcode ST01. Report of the above trace will give you a list of authorization objects and value hit for doing the same from where you can make out what objects or fields or values to modify.

Hope this helps.

Pl award suitably.

Regards