Solved: Failed HR Structure Authorization: should not be p...

l_borsboom · ‎04-09-2008

Hi there,

I've got a strange problem which is quite similar to [this one|https://forums.sdn.sap.com/click.jspa?searchID=10542618&messageID=4893986], but the difference is that my userid does not have an entry in OOSB (T77UA) so it should not have missing HR Structure Authorizations because the general principle in the HR Structure is: No profile - No restrictions.

However, this user is restricted, but not for all records. The restrictions seem very random.

It seems that the userid itsself causes the problem. The account has been copied from another account. If you copy this account to any other userid then the problem does not occur, but I have to use this particular one because it is the official userid (personnel number).

As I said earlier, OOSB is empty and also infotype 0105 (Communication) is set properly.

I even tried to delete and re-create the userid completely but this did not help.

It looks like there are some 'hidden entries' in table T77UA or another table setting for this userid that I am not aware of. Could anyone help me out her?

Thank you!

Kind regards,

Lodewijk

jurjen_heeck · ‎04-09-2008

Lodewijk,

Have you tried running a trace (ST01) in the background while testing? If so, what are the results for the different authorization checks?

Jurjen

jurjen_heeck · ‎04-09-2008

Lodewijk,

Have you tried running a trace (ST01) in the background while testing? If so, what are the results for the different authorization checks?

Jurjen

l_borsboom · ‎04-09-2008

Hi Jurjen,

Thanks for your quick response.

I forgot to mention that I already tried ST01. All checks were succesful. The HR Structure checks are not shown there (only in SU53).

Lodewijk

former_member74904 · ‎04-09-2008

Hi Lodewijk,

You say your problem is similar to the one you're referring to in your initial post. Does that mean that you also get an error message saying:

*********************************************
The last authorization check was successful
Failed HR Structure Authorizations
Date xxxxxxxxxxxxxxxxxxx

l_borsboom · ‎04-09-2008

Hi Dimitri,

Nice to hear from you!

That's right. You can watch the screenprint [here|http://farm3.static.flickr.com/2300/2400001561_861299bd34_o.jpg].

Kind regards,

Lodewijk

former_member74904 · ‎04-09-2008

Hi Lodewijk,

Nice to hear from you again as well!

As I understand it, you are using contextual authorizations? Are you also using the BAdI (HRBAS00_GET_PROFL)?

You may want to try adding the structural ALL profile to your specific user ID (00765040) in T77UA and see if this user is still restricted?

Good luck!

Dimitri

l_borsboom · ‎04-09-2008

No, Contextual Authorization still has not been implemented in our Production System (working on that right now). But I tried adding an removing structural profile ALL as well, but with no positive results

former_member74904 · ‎04-09-2008

It is really not clear to me what can cause this, apart from the fact that the user ID may still be stored in the T77UU (INDX) table.

if the user is still in this table try deleting it by running RHBAUS02.

I hope this helps...

Dimitri.

l_borsboom · ‎04-09-2008

This solved my problem!

I had to add a structural profile to this user and then I was able to delete the entry for this userid with the report (there were only 2 entries in this table!).

Can you explain how this may have happened?

Thank you!

Lodewijk

former_member74904 · ‎04-09-2008

my guess is that you have run report RHBAUS00 (or RHBAUS02 with INSERT option) for this specific user some time ago. I assume the other user in the table was SAP*?

anyway, I'm glad you were able to solve this issue.

take care,

dimitri

Failed HR Structure Authorization: should not be possible