Question:
Hi,
I'm facing one problem with PA30 in one role.
Here it is.
Created a role with some reports and T-Codes.And the same role required PA30 105 infotype access.
But sone reports are getting info from other infotypes. If I put those infotypes in P_ORGIN user able to access those infotypes in PA30 also.
If I take out all infotypes from P_ORGIN and keep ony 105.PA30 working fine but when I run reports it shows an error as there were no infotypes in P_ORGIN.
And i did some other way by not putting infotypes in P_ORGIN but in P_PERNR i put all infotypes and Interpretation of assign user level as I,User able to run reports as well as PA30 105 Infotype only.But user able to see his own data(Not other users data in org unit) of all infotypes and even he can create via Overview button.If I put E there reports are not working.
If user click on Create or Change in fails but he click on Overview button he can go in and create.
How to solve this?
Thanks in advance
Answer:
Hi,
if you want let the user see data only via reports, you can use auth.object P_ABAP for this. For report specified in this object you can switch off the authority check - it means, user can work in PA30 with infotypes given in P_ORGIN or P_PERNR and reports with logical database PNP will work.
You have two possibilities with P_ABAP - one is really switching off all auth.checks for infotypes (value 2 or * in field COARS) or independent check of org.assigment and infotypes (value 1 in field COARS). Independent check means that you will will crate 2 authorizations in the role for example for object P_ORGIN: first one will specify only the organization fields with no data for infotypes, the other authorization has only infotypes and activity specified. In PA30 are both of them for nothing, but in combination with P_ABAP for selected report it works.
Hope thi helps.