cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

To Delete Payroll Results - PU01

Former Member

on ‎07-24-2013 2:05 PM

0 Kudos

Dear Experts,

This is related to an authorization issue to delete payroll results.  The user had display authorization on info type 0008 (Basic Pay) and write authorizations to other payroll info types. 

To overcome this we had been maintained RPCDPU01 to REPID and * to COARS under the object P_ABAP. But still the user is facing the issue that "No Write Authorization for Basic Pay 0008"

Could you please share your views on the same ?

Thanks in advance,

Raj,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎08-01-2013 9:15 PM
0 Kudos

Solution:

use badi HRPAD00AUTH_CHECK that is invoked inside HR_CHECK_AUTHORITY_INFTY during IT0008 check inside RPCDPU01

implementation should be very simple:

CALL METHOD HRAC_BADI->CHECK_AUTHORIZATION
     EXPORTING
       LEVEL = LEVEL
       TCLAS = TCLAS
       PERNR = PERNR <----------- check if this is a right person
       INFTY = INFTY     <------------ and infotype
       SUBTY = SUBTY
       BEGDA = BEGDA
       ENDDA = ENDDA
       UNAME = UNAME <---------- and right user
       PROCESS_ONLY_PARTIAL_CHECKS = HRAC_BADI->FALSE
     IMPORTING
       IS_AUTHORIZED = IS_AUTHORIZED <-------- and true as result
     EXCEPTIONS
       INVALID        = 1
       INTERNAL_ERROR = 2
       OTHERS         = 3.

this should work

regards,

Bartek

Show replies
Show replies
Former Member
‎08-02-2013 1:21 AM
0 Kudos

Hi,

a word of caution:

you can't activate an implementation of BAdI HRPAD00AUTH_CHECK and just put the coding in for the case you want to change.

There are a dozen methods and you need to make sure that all of them, including the one you need to include your change in, still do the standard checks.

Only then, can you add your bespoke coding to change standard behaviour.

I presented on this topic at the HR2013 in Amsterdam, so let me share the slides concerning this topic with you:

Former Member
‎08-02-2013 7:30 AM
0 Kudos

There is an option still check this note: 437411 there is a badi that will meet your requirement with smaller range of impact: HR_PY_AUTH_PU01. This solution will be better than usage of HRPAD00AUTH_CHECK as Sven is writing.

former_member184672
Participant
‎07-24-2013 6:51 PM
0 Kudos

Hi Raj,

       Please ask the user to send you a screenshot of the SU53 transaction code as soon as he/she receives the authorization error. The object to which the user misses authorization will be displayed in the SU53 transaction.

As Sven specified the authorization object for IT0008 must be P_ORGIN. Nevertheless, it's better to analyze the results in SU53.

Thanks & Regards,

Sarath.

Show replies
Show replies
Former Member
‎07-25-2013 5:00 AM
0 Kudos

Thanks for your input Sarath. But the business requirement is the user should have only read authorization for IT 0008 and he should able to delete payroll results.

Regards,

Raj

Former Member
‎07-24-2013 2:35 PM
0 Kudos

Hi Raj,

2 possible sources for the issue:

- SAP found this transaction too critical to take any chances and hardcoded the check against P_ORGIN for IT0008. In that case, you've little chance to get around it short of a modification

- a different program is called up in the background and SAP is expacting that rather than the one you mention in P_ABAP.

Run an authorisation trace via transaction ST01 and check how P_ABAP is performed. If it's not checked at all, then it's the first option. If it is, you'll see in the log, which program name is tested and you can change your authorisation accordingly.

Tip: only startvtge trace immediately before you perform pu01 in a different window and then stop the trace as soon as the error occurs. This gives you less data to go through.

Kind regards

Sven

Show replies
Show replies
Former Member
‎07-25-2013 6:25 AM
0 Kudos

Dear Sven, thanks for your inputs, could you please eleborate the first point ?  Do you mean that to do custom development against to this authorization check ?

Thanks in advance,

Raj

Former Member
‎07-25-2013 7:07 AM
0 Kudos

Yep. Easiest way would than be to modify the deletion prigram, where the auth check is hard coded.

The standard way would be using BAdI HRPAD00AUTH_CHECK. But it's a complex BAdI.

Former Member
‎07-25-2013 5:48 PM
0 Kudos

Dear Sven,  we have been enable the Trace and found that the system is checking P_ORIGIN Info type 0008.  So could you please advise what is the best approach to over come this issue ?  Our Business never prefer the modify the standard programs.,

and Why the P_ABAP is not performing ?

Thanks in Advance !!

Regards,

Raj

Former Member
‎07-26-2013 12:00 AM
0 Kudos

Hi Raj,

I just checked in a system: the program RPCDPU01 is not based on a logical database PNP(CE).

P_ABAP is only working for these logical databases. Probably also written in the documentation of this object. That's something to always check, if you are not sure.

So, it's one of those 3:

- modification of RPCDPU01

- Using a BAdI, most likely HRPAD00AUTH_CHECK

- change the process

I would certainly go for the 3rd option, as surely, there must be someone, whom you trust to change salary data and run payroll, who should also be trustworthy enough to delete the results.

kind regards

Sven

Ask a Question