topic Re: Structural Authorisation access issue in Application Development and Automation Discussions

Structural Authorisation access issue

Former Member — Wed, 16 Jan 2008 20:49:16 GMT

I am currently trying to implement Structural Authorisation. I have run into a problem and hoping someone maybe able to help. The problem I have is that when a user searchs for employee's in PA20/30 the results show all employee's that are part of the org unit that the PD profile is restricting. However it also includes users that were part of the org unit at some stage.

Now in PA30 the user does not get the header for these users but is able to access/modify some infotypes. I am not sure but I think there is a setting somewhere that will limit the PD profile to only display current employee's of the org unit only but for the life of me can not remember or recall where it is. Can anyone help with this?

Any help will be appreciated,

Many thanks in advance.

Re: Structural Authorisation access issue

Former Member — Thu, 17 Jan 2008 06:30:23 GMT

pls in the roles assign the right planning version as well as the other restrictions and your poblem should be solved

Re: Structural Authorisation access issue

former_member74904 — Thu, 17 Jan 2008 10:52:41 GMT

you could also have a look at the T582A-VALDT settings for the infotypes involved.

<a href="http://help.sap.com/saphelp_47x200/helpdata/en/48/35c8454abf11d18a0f0000e816ae6e/frameset.htm">saphelp</a>

Edited by: Dimitri on Jan 17, 2008 11:52 AM

Re: Structural Authorisation access issue

manohar_kappala2 — Mon, 21 Jan 2008 21:51:45 GMT

Hi,

Did you verify the values for the

Switch ADAYS "HR: Tolerance Time for Authorization Check"

in Transaction OOAC.

Depending on the number of days mentioned.

The person would have access to old Org Unit till the tolerance period if he modified information in that org unit.

Actual SAP documentation:

HR: Tolerance Time for Authorization Check (ADAYS)

Use

The tolerance time for the authorization check specifies the length of

time, in the case of an organizational change, that the personnel

administrator has access to the data he or she created for a person if

this person already has an organizational assignment outside of his or

her authorizations.

Input values

The tolerance time for the time logic for master data infotypes is

specified in calendar days. In the standard SAP system, the value of the

switch is set to 15 (= 15 calendar days). When this switch is active,

that is, when it contains a value greater than 0, organizational changes

that result in the loss of a particular authorization take effect in

accordance with the tolerance time.

Example

ADAYS is set to 15. In the system, only checks with P_ORGIN are active.

Administrator A has read and write access to data in personnel area A

while administrator B has read and write access to data in personnel

area B. It is assumed that for all infotypes the time dependency of the

authorization check (switch T582A-VALDT) is active.

A personnel number was assigned to personnel area A until 12/31/9999. As

of 01/01/2000 this personnel number is assigned to personnel area B. The

period of responsibilty of administrator A ends on 12/31/9999 but due to

the tolerance time, he or she continues to have unrestricted read and

write access to data until 01/15/2000 (inclusive). However, as of

01/16/2000, he or she no longer has write access to data. Nevertheless,

the administrator still has read access to all data records with a startdate prior to 12/31/9999.