on 07-24-2013 2:05 PM
Dear Experts,
This is related to an authorization issue to delete payroll results. The user had display authorization on info type 0008 (Basic Pay) and write authorizations to other payroll info types.
To overcome this we had been maintained RPCDPU01 to REPID and * to COARS under the object P_ABAP. But still the user is facing the issue that "No Write Authorization for Basic Pay 0008"
Could you please share your views on the same ?
Thanks in advance,
Raj,
Solution:
use badi HRPAD00AUTH_CHECK that is invoked inside HR_CHECK_AUTHORITY_INFTY during IT0008 check inside RPCDPU01
implementation should be very simple:
CALL METHOD HRAC_BADI->CHECK_AUTHORIZATION
EXPORTING
LEVEL = LEVEL
TCLAS = TCLAS
PERNR = PERNR <----------- check if this is a right person
INFTY = INFTY <------------ and infotype
SUBTY = SUBTY
BEGDA = BEGDA
ENDDA = ENDDA
UNAME = UNAME <---------- and right user
PROCESS_ONLY_PARTIAL_CHECKS = HRAC_BADI->FALSE
IMPORTING
IS_AUTHORIZED = IS_AUTHORIZED <-------- and true as result
EXCEPTIONS
INVALID = 1
INTERNAL_ERROR = 2
OTHERS = 3.
this should work
regards,
Bartek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
a word of caution:
you can't activate an implementation of BAdI HRPAD00AUTH_CHECK and just put the coding in for the case you want to change.
There are a dozen methods and you need to make sure that all of them, including the one you need to include your change in, still do the standard checks.
Only then, can you add your bespoke coding to change standard behaviour.
I presented on this topic at the HR2013 in Amsterdam, so let me share the slides concerning this topic with you:
Hi Raj,
Please ask the user to send you a screenshot of the SU53 transaction code as soon as he/she receives the authorization error. The object to which the user misses authorization will be displayed in the SU53 transaction.
As Sven specified the authorization object for IT0008 must be P_ORGIN. Nevertheless, it's better to analyze the results in SU53.
Thanks & Regards,
Sarath.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Raj,
2 possible sources for the issue:
- SAP found this transaction too critical to take any chances and hardcoded the check against P_ORGIN for IT0008. In that case, you've little chance to get around it short of a modification
- a different program is called up in the background and SAP is expacting that rather than the one you mention in P_ABAP.
Run an authorisation trace via transaction ST01 and check how P_ABAP is performed. If it's not checked at all, then it's the first option. If it is, you'll see in the log, which program name is tested and you can change your authorisation accordingly.
Tip: only startvtge trace immediately before you perform pu01 in a different window and then stop the trace as soon as the error occurs. This gives you less data to go through.
Kind regards
Sven
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Sven, we have been enable the Trace and found that the system is checking P_ORIGIN Info type 0008. So could you please advise what is the best approach to over come this issue ? Our Business never prefer the modify the standard programs.,
and Why the P_ABAP is not performing ?
Thanks in Advance !!
Regards,
Raj
Hi Raj,
I just checked in a system: the program RPCDPU01 is not based on a logical database PNP(CE).
P_ABAP is only working for these logical databases. Probably also written in the documentation of this object. That's something to always check, if you are not sure.
So, it's one of those 3:
- modification of RPCDPU01
- Using a BAdI, most likely HRPAD00AUTH_CHECK
- change the process
I would certainly go for the 3rd option, as surely, there must be someone, whom you trust to change salary data and run payroll, who should also be trustworthy enough to delete the results.
kind regards
Sven
User | Count |
---|---|
107 | |
12 | |
10 | |
5 | |
5 | |
3 | |
3 | |
3 | |
3 | |
2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.