Question:
Hello everyone,
We are currently implementing Time & Expense in SAP ECC 5.0 . I am fairly new to authorizations and am struggling to get the CAT2 functionality working so that it limits the ability to log a time sheet to the user themselves. I have the field "Interpretation of assigned personnel number" (PSIGN) set to 'I' for obj P_PERNR but it's still allowing the user to log entries for others.
Any insights would be appreciated.
Thanks so much!
Answer:
CATS has some special virtual infotypes to handle this problem. 0316 if I remember correctly. In SAP HELP it is defined quite nicely, look undet CATS and authorizations.
_________________
www.bluedragonfishing.com
http://www.saphr-robinette.com/
Answer:
Check that you have not allowed additional access through another role (or your CATS role for that matter) via P_ORGIN & P_ORGXX.
Alos be aware that SAP provides dummy infotypes for timesheet defaults and management.
~~~~~~~~~~~~~~~~~
Using dummy infotypes
The HR authorizations required to display and maintain personal data are supplemented by two other types of authorizations for the Time Sheet, for
1. Displaying and entering data in the time sheet
2. Displaying and approving data using time sheet reports
Time sheet data is represented in dummy infotypes for this purpose.
Dummy infotype 0316
Infotype 0316 represents the authorization for data entry profiles. The subtypes of this infotype are the profile authorization groups.
Dummy infotype 0328
Infotype 0328 represents the authorization for reporting and approval.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
Hello again,
I have checked and the only role containing P_ORGIN and P_PERNR is the one that I am working on to allow access to log time sheets. I've been working off of what's in the SAP Library and had added IT0316 in my P_ORGIN and P_PERNR as well.
From what I have read, P_ORGIN is used to restrict access to overall personnel data and P_PERNR in the same role is to restrict the user's access to their own personnel data and overrides P_ORGIN. So it would seem that I should remove access from P_ORGIN and give the user access through P_PERNR in order to limit their ability to log time sheets to their own login ID...however, I've tried variations on limiting P_ORGIN but none result in the user not being able to log timesheets under another user ID.
Any help would be greatly appreciated.
THanks.
Answer:
Remove P_ORGIN from the role.
(Note you may need to add P_ORGIN for matchcode searches)
I am using two P_PERNR objects
P_PERNR
E
0316, 2001, 2002, 2003
I
*
and
P_PERNR
R
0000, 0001, 0002, 0003, 0007, 0105, 0315, 0316
I
*