P_ORGIN vs P_PERNR for infotype 0008

Question: Hey Fans of Sap,

I'm usually a pretty cluey HR authorisations guy, but a current problem is doing my head in.

We haven't gone live yet, but we found that one of our business support roles was able to change their own infotype 0008. As entertaining as the concept of leaving people to determine how much they feel they should be paid is, we couldn't let it through.

So I added:

P_ORGIN
M, R
0008
2200
*
*
*
*

P_PERNR
M, R, E, S, D, W
0008
E
*

and removed:

P_ORGIN
E, D, S, W, M, R
0008

The above is the only P_PERNR entry this role has but it has many other P_ORGIN entries which aren't relevant for this problem. Unfortunately, that user is no longer able to update infotype 0008. They are able to successfully update any other infotype they have access to (not referenced in P_PERNR) but not 0008. SU53 reveals:

Authorization level: E
Infotype: 0008
Personnel Area: 2200
Employee Group: A
Employee Subgroup: 1O
Subtype: ' '
Organizational Key: ' '

I understand the programming of PA30 to check P_PERNR first and then P_ORGIN. I understand that's why P_ORGIN comes up as SU53. The trace shows that it's succeeding on the P_PERNR checks for value 'E'. What I don't understand is why the system even cares about P_ORGIN once P_PERNR succeeds? Also, is there any way I can convince it to work properly?

We're on ECC5.

Thanks!

Answer:
Would suggest to change
P_ORGIN
M, R
0008
2200
*
*
*
*


into
P_ORGIN
M, R
0008
2200
leave the other fields blank and it will check for these values P_PERNR

Answer:
I did try this based on a reply you had written for another poster, but I couldn't get it to work.

When you say leave the fields blank, do you mean completely blank, as in leave them in a status of yellow and therefore not really generated, or do you mean to put a nonsense value in like '?

Any clarification would be greatly appreciated.

Answer:
As far as I did this in the past, I left them open, so yellow status.
But if you do not want that, you can assign the dummy '' value as well. The star value will overrule any setting you make in P_PERNR.

Answer:
I assigned the dummy value previously with no luck. I'll give the yellow status a shot and let you know how I go.

Thanks so much for your help.

Answer:
You've probably already verified, but ensure the user is set up in infotype 105 with a current active date, i.e. if infotype 105 is in the future then it won't work. Also, through OOAC, PERNR has value 1.

Answer:
Thanks everyone.

The solution is that both P_ORGIN and P_PERNR require an 'E' against infotype 0008. P_PERNR is checked first, so if the user is looking at their own personnel record, P_PERNR is invoked. If the user is updating someone else's record, then P_PERNR is checked and discarded and P_ORGIN is invoked.

To get it working the role now looks like:

P_ORGIN
M, R, D, E, S, W
0008
2200
*
*
*
*

P_PERNR
E
0008
E
*
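
The check order described in the final post, as a simplified model added here (not part of the thread and not SAP's code). It assumes the single 'E' in the P_PERNR entries is the include/exclude sign for the user's own record and that '*' fields match anything; the class and function names are hypothetical.

```python
# Simplified model (an assumption, not SAP code) of the check order in this thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class POrgin:            # P_ORGIN entry; remaining org fields taken as '*'
    levels: frozenset    # authorization levels, e.g. {"M", "R"}
    infty: str           # infotype, "*" matches any
    persa: str           # personnel area, "*" matches any

@dataclass(frozen=True)
class PPernr:            # P_PERNR entry; subtype taken as '*'
    levels: frozenset
    infty: str
    sign: str            # assumed: "I" = include own record, "E" = exclude it

def _match(pattern, value):
    return pattern == "*" or pattern == value

def check(role, level, infty, persa, own_record):
    """Return (allowed, deciding_object) for one infotype access."""
    if own_record:
        hits = [p for p in role["P_PERNR"]
                if level in p.levels and _match(p.infty, infty)]
        if any(p.sign == "E" for p in hits):
            return False, "P_PERNR"   # own record explicitly excluded
        if any(p.sign == "I" for p in hits):
            return True, "P_PERNR"    # own record explicitly included
    # Not the user's own record, or no P_PERNR entry matched: P_ORGIN decides.
    ok = any(level in o.levels and _match(o.infty, infty) and _match(o.persa, persa)
             for o in role["P_ORGIN"])
    return ok, "P_ORGIN"

def levels(s):
    return frozenset(s.replace(" ", "").split(","))

# Roles transcribed from the thread (only the infotype 0008 entries).
FIRST_ATTEMPT = {
    "P_ORGIN": [POrgin(levels("M,R"), "0008", "2200")],
    "P_PERNR": [PPernr(levels("M,R,E,S,D,W"), "0008", "E")],
}
FINAL_ROLE = {
    "P_ORGIN": [POrgin(levels("M,R,D,E,S,W"), "0008", "2200")],
    "P_PERNR": [PPernr(levels("E"), "0008", "E")],
}

if __name__ == "__main__":
    for name, role in (("first attempt", FIRST_ATTEMPT), ("final role", FINAL_ROLE)):
        for own in (True, False):
            print(name, "own" if own else "other", check(role, "E", "0008", "2200", own))
```

In this model the first attempt fails an edit of another employee's 0008 at P_ORGIN level E, which is the object and level SU53 reported, while the final role allows that edit and still blocks the user's own record at P_PERNR.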

Copyright © 2007 - 2008 www.jt77.com