Question:
In Blueprinting and confused between the values for the COARS field and their impact to HR Infotype authorizations (after reading docs). Can anyone clarify difference and ideal usage between the values 0, 1, and 2 and its impact to HR infotype authorizations via HR reporting?
Also, It has been suggested to replace P_ORGIN, P_ORGINCON, P_ORGXX with a custom authorization object citing one reason (among others) is to add field TCD to custom object to avoid use of degree of simplication via P_ABAP. For example, to process personnel data via payment medium programs from Accounting which should allow user to start program via tcode but restricts them from accessing the Infotypes via PA20, etc. Any issues with this design? If we do not use P_ABAP, how are authorizations configured for HR reporting while balancing the HR Infotype authorizations?
Any assistance would be greatly appreciated! Thanks!
Answer:
P_ORGXX with a custom authorization object citing one reason (among others) is to add field TCD to custom object to avoid use of degree of simplication via P_ABAP. Sounds like a cure to a symptom not a fix to the problem... Avoid adding TCD to any object. If you do not want the users to execute the report then put an aut group onthe report usng RSCSAUTH and assign users to only that group to run the report. P_ABAP is a wonderful tool to allow you to give person full access to the HR records without giving them individual access to a specific user via PA20 or PA30. THe mass execution reports are designed using P_ABAP to let someone run payroll without giving the user specific access to each individual record.
Create a role and palw with the settign to decern for yourself its best use in your application.
If you do not use strucural authorization then P_ORGINCON is of little use.
_________________
John A. Jarboe