01-16-2008 8:49 PM
HI
I am currently trying to implement Structural Authorisation. I have run into a problem and hoping someone maybe able to help. The problem I have is that when a user searchs for employee's in PA20/30 the results show all employee's that are part of the org unit that the PD profile is restricting. However it also includes users that were part of the org unit at some stage.
Now in PA30 the user does not get the header for these users but is able to access/modify some infotypes. I am not sure but I think there is a setting somewhere that will limit the PD profile to only display current employee's of the org unit only but for the life of me can not remember or recall where it is. Can anyone help with this?
Any help will be appreciated,
Many thanks in advance.
01-17-2008 6:30 AM
pls in the roles assign the right planning version as well as the other restrictions and your poblem should be solved
01-17-2008 6:30 AM
pls in the roles assign the right planning version as well as the other restrictions and your poblem should be solved
01-17-2008 10:52 AM
you could also have a look at the T582A-VALDT settings for the infotypes involved.
<a href="http://help.sap.com/saphelp_47x200/helpdata/en/48/35c8454abf11d18a0f0000e816ae6e/frameset.htm">saphelp</a>
Edited by: Dimitri on Jan 17, 2008 11:52 AM
01-21-2008 9:51 PM
Hi,
Did you verify the values for the
Switch ADAYS "HR: Tolerance Time for Authorization Check"
in Transaction OOAC.
Depending on the number of days mentioned.
The person would have access to old Org Unit till the tolerance period if he modified information in that org unit.
Actual SAP documentation:
HR: Tolerance Time for Authorization Check (ADAYS)
Use
The tolerance time for the authorization check specifies the length of
time, in the case of an organizational change, that the personnel
administrator has access to the data he or she created for a person if
this person already has an organizational assignment outside of his or
her authorizations.
Input values
The tolerance time for the time logic for master data infotypes is
specified in calendar days. In the standard SAP system, the value of the
switch is set to 15 (= 15 calendar days). When this switch is active,
that is, when it contains a value greater than 0, organizational changes
that result in the loss of a particular authorization take effect in
accordance with the tolerance time.
Example
ADAYS is set to 15. In the system, only checks with P_ORGIN are active.
Administrator A has read and write access to data in personnel area A
while administrator B has read and write access to data in personnel
area B. It is assumed that for all infotypes the time dependency of the
authorization check (switch T582A-VALDT) is active.
A personnel number was assigned to personnel area A until 12/31/9999. As
of 01/01/2000 this personnel number is assigned to personnel area B. The
period of responsibilty of administrator A ends on 12/31/9999 but due to
the tolerance time, he or she continues to have unrestricted read and
write access to data until 01/15/2000 (inclusive). However, as of
01/16/2000, he or she no longer has write access to data. Nevertheless,
the administrator still has read access to all data records with a startdate prior to 12/31/9999.