P_ORGIN is necessary for Employee Self Service Role

Former Member
0 Kudos

Hi Experts,

I am trying to set up authorizations in R/3 for accessing Employee Self Service applications on Portal.

"Record working time" application is working fine for employees if I add the P_ORGIN to the Z-ESS role and put * in all the fields.

Does the role really need P_ORGIN? I am thinking P_PERNR should take care of all write/read access to HR Infotypes.

I cannot really distinguish between these objects. Could you throw some light on this?

Thanks!

minisapG

1 ACCEPTED SOLUTION

former_member74904
Contributor
0 Kudos

For ESS you'll only need P_PERNR. Using P_ORGIN with * values for all fields will make any HR security person's hair stand up straight :) Even though it can't do much harm in an ESS scenario, it may eventually cause conflicts when implementing further scenarios.

P_PERNR should take care of just what you want, specifying the right infotypes and using the (I)nclude or (E)xclude function.

For your understanding, P_PERNR is used for access to an employee's own data. This is in contrast to P_ORGIN, which is generally for all HR master data.

if you want to know more, let me know!

0 Kudos

I had some problems with the P_PERNR object, because this object was looking for IT 0316 with authorization level *. I figured this out from the ST01 trace. Now it is working fine without P_ORGIN. I do not know why P_PERNR needs IT 0316 for the CATS Web Dynpro application.

Can you please let me know what this infotype is?

Thanks for your help.

Former Member
0 Kudos

OMG! I have to agree with Dimitri.

If your HR functional folks cannot give you the correct P_ORGIN info types, trace, trace, trace... Do the right thing!

0 Kudos

> OMG! I have to agree with Dimitri.

is it that bad to agree with me?

Former Member
0 Kudos

Thanks for all your replies and help.

WhimWham
Discoverer
0 Kudos

This is at

http://help.sap.com/saphelp_47x200/helpdata/en/64/40050c470211d189720000e8322d00/frameset.htm

concerning Infotype 0316:

"Using dummy infotypes

The HR authorizations required to display and maintain personal data are supplemented by two other types of authorizations for the Time Sheet, for

Displaying and entering data in the time sheet

Displaying and approving data using time sheet reports

Time sheet data is represented in dummy infotypes for this purpose.

Dummy infotypes

Infotype 0316 represents the authorization for data entry profiles. The subtypes of this infotype are the profile authorization groups.

Dummy infotype 0328

Infotype 0328 represents the authorization for reporting and approval.

It is very important to note that these infotypes do not actually exist in the system. They are only used to access the HR authorization concept in order to assign authorizations to read, change, or approve time sheet data.

For more information, see the Implementation Guide for the Time Sheet. Choose Time Sheet → Authorizations."
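
As an added example (not part of the thread and not SAP code), this sketch audits a role's authorization values for the two points raised above: P_ORGIN carrying * in every field, and P_PERNR not covering dummy infotype 0316. The row layout, the role name Z_ESS, the authorization names and all sample values are constructed assumptions.

```python
from collections import defaultdict

STAR = ("*", "")  # full wildcard: low value "*", no high value

def auth_rows(role, obj, auth, **fields):
    """Build constructed rows: (role, object, authorization, field, low, high)."""
    return [(role, obj, auth, f, low, high) for f, (low, high) in fields.items()]

# Constructed sample modelled on the thread: a Z-ESS role carrying P_ORGIN with
# * everywhere, plus a P_PERNR authorization that stops short of infotype 0316.
ROWS = auth_rows("Z_ESS", "P_ORGIN", "A1", **{f: STAR for f in (
    "INFTY", "SUBTY", "AUTHC", "PERSA", "PERSG", "PERSK", "VDSK1")}) + auth_rows(
    "Z_ESS", "P_PERNR", "B1", INFTY=("0002", "0009"), SUBTY=STAR,
    AUTHC=("R", ""), PSIGN=("I", ""))

def covers(low, high, value):
    """True if one entry (single value, trailing-* pattern, or range) covers value."""
    if high:
        return low <= value <= high  # fixed-width strings compare correctly
    if low.endswith("*"):
        return value.startswith(low[:-1])
    return low == value

def audit(rows, needed=("0316",)):
    """Flag all-wildcard P_ORGIN and roles whose P_PERNR misses a needed infotype."""
    auths = defaultdict(lambda: defaultdict(list))
    for role, obj, auth, field, low, high in rows:
        auths[(role, obj, auth)][field].append((low, high))
    findings, own_data = [], defaultdict(list)
    for (role, obj, auth), fields in sorted(auths.items()):
        if obj == "P_ORGIN" and all(STAR in vals for vals in fields.values()):
            findings.append((role, f"{auth}: P_ORGIN has * in every field"))
        # Only P_PERNR authorizations with PSIGN = I (include) grant own-data access.
        if obj == "P_PERNR" and any(covers(l, h, "I") for l, h in fields["PSIGN"]):
            own_data[role] += fields["INFTY"]
    for role in sorted({r[0] for r in rows}):
        for infty in needed:
            if not any(covers(l, h, infty) for l, h in own_data[role]):
                findings.append((role, f"P_PERNR (PSIGN I) does not cover infotype {infty}"))
    return findings

if __name__ == "__main__":
    for role, message in audit(ROWS):
        print(role, "-", message)
```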