cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization and moving employes to another organizational assignment

Former Member
0 Kudos

Hello! I have a big problem with authorization.

Lately some employes have been moved from one organizational assignment to another organizational assignment.

After moving I prepared the user and the role for this user he will be able to read infotype records for employes in the organizational assignment where they were moved.

And now I have big problem because this user can read data of employes in current organizational assignment and also data of these people in old organizational assignment, thought I didn't give him authorization for this old organizational assignment.

I checked view of table V_T582A and there in infotype 0001, 0007, 0008 in detailes the field: Access auth was checked, so I executed tests and this field was unchecked. But this test wasn't successfule.

In table T77S0 I have the following settings for AUTSW:

AUTSW ADAYS 15

AUTSW APPRO 0

AUTSW NNNNN 0

AUTSW ORGIN 1

AUTSW ORGPD 0

AUTSW ORGXX 0

AUTSW PERNR 1

AUTSW VACAU

I changed them but the tests also weren't successfule.

Please, help me, where the error can be?. Now I don't know

where I can look for the solving of this problem.

I my company we have the system:

46C

SAPKE46CB0

the latest note: LCP CE 74

Thank you very much if anyone helps me.

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Marta-

It is possible the AUTSW ADAYS setting of 15 is your problem. This setting allows the user to see the previous data they had access to (as in MSS scenarios) for a period of 'X' days (the standard setting is 15 days) for clean-up, etc. Try lowering this setting to 1 day and see if it fixes your problem.

Former Member
0 Kudos

Hello Marta,

Could you please tell us how you are restricting access on organisational assignment ..through structural authorization or using P_ORGIN or P_ORGXX only?

If you are using structural authorization, then you need to activate AUTSW 'ORGPD' .

Regards,

Ahmad

Former Member
0 Kudos

Hallo! Thank you very much for interested my problem.

Answering Your question, restricting access on organizational assignment is through using P_ORGIN.

But , lately I have found out that our sytem is correct in this authorization behaviour.

The new responsible user for employees in new organizational assignment can see all their data in this o.a. , and all history data these employees (in old o.a.).

But the old user who was responsible user for the old o.a.,can see all data in this old o.a.., but he isn't able to see data in new o.a., this authorization has a new user. So the system runs like this and it's probably correct behaviour.

I greet You very much

Marta Soja-Lis

McF
Advisor
Advisor
0 Kudos

Hello Marta,

yes, the behaviour is corret. The old one can not see the new data but the new one the old. It's like a personal file where the new manager has access to and the old only knows what was entered up to the end of his responsibility.

This litle "picture" always helps me.

Please go to:

http://service.sap.com/erp-hcm

On the left side click:

Services for mySAP ERP HCM

- Special Documentation

In the document "Authorizations in mySAP HR (4.6C)" from page 70 chapter "4.4 Process of Time Logic" describes the behaviour in detail.

Hope to help,

Michael

Former Member
0 Kudos

Hello Michael!

Thank You very much for Your prompt concerning documentation

"Authorizations in mySAP HR (4.6C)" from page 70 chapter ".

I'm sure it will be very helpful for me.

Best regards

Marta Soja-lis