on 09-28-2007 10:55 AM
Hi Experts,
I am trying to implement the concept of double verification within ESS. My requirement is that the employee should be able to modify an existing record or create a new one but only with the lock indicator, so then the HR Administrator can go in the backend and remove the lock indicator once he's checked the information (the main purpose being to avoid developing a workflow).
I've read a lot about the concepts of double verification and went through something like 60 posts, but still i can't manage to work it out.
I've made a copy of the standard role SAP_ESSUSER_ERP to modify authorizations. Let's take the example of infotype 0006 - Address. I've removed this infotype from existing lines of class P_PERNR to isolate it. I've created a new authorization object in which i tried to play around with authorization levels. The theory is that authorization level should be set to R, E or R, E, M to allow this. However i've tried that and it doesn't work as i'm getting an error message at the review step of my iView saying "You do not have authorization to change". The only authorization level giving me this authorization is either D or W, in which case the lock indicator is not set.
Anyone has ever done that this way ??
Many thanks,
Sylvain.
1. how many roles are assigned to your user.
2. if you are using same user in R/3 and EP then this is not possible that you can do it from R/3 and not for EP
3. How are you doing it from R/3 is it through PA30.
4. Which authorization object are being given the authorization E R S is it p_orgin or p_pernr
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Barin,
Here are the answers to your question :
1. how many roles are assigned to your user.
I have assigned the following roles to my user :
SAP_BC_EMPLOYEE
SAP_BC_ENDUSER
SAP_HR_PA_XF_EXPERT
ZSAP_ESSUSER_ERP (copie of SAP_ESS_USER modified to play with that authorization thing)
2. if you are using same user in R/3 and EP then this is not possible that you can do it from R/3 and not for EP
Exactly the same user ! Incredible i know, i don't understand it either...
3. How are you doing it from R/3 is it through PA30.
Yes via PA30
4. Which authorization object are being given the authorization E R S is it p_orgin or p_pernr
That's P_PERNR, as in the portal the employee should only be able to mmodify his own data.
Hi,
I am facing the same problem. Could anybody able to resolve this. It works pefectly fine in backend SAP ECC but not in ESS. I have used Authorization object P_PERNR and E, M, R levels. I tried also with E, M, R & S for infotypes but still no success. When I try in backend SAP, i can create as a locked record. However if I try in ESS, I get a message, no sufficient authorization.
Pls let me know as to how to resolve this.
Thanks in advance!
Hi swetha and everybody,
In older Portal versions (transactions PZ...), it was possible, also in PA30 and all the backend std programs.
In new Portal versions (web dynpro technology) that it's not possible, only write or read functions are available.
There is some workarounds you can do (including NWDI development); e.g. create a transaction (or IAC) iView that calls the old PZ... transactions
KR
hi please use S and E both for it. I have createad a role just now and used s and e both for IT6 subtype 1 and it has worked.
thank you
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Barin,
I have just made the test as well, as you said, but this doesn't work for me in the portal. I gave authorization level E, S and R in P_PERNR for infotype 0006 subtypes 1 and 4, and i'm still getting the "You have no authorization to insert" message. It works fine in the backend though.
Any other idea ?
Sylvain.
sorry for that its
S (write locked record; unlock if the last person to change the record is not the current user),
E (write locked record),
pl use E
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi again Barin,
I've done what you said, i tried with authorization level E, but that doesn't work. I have tried many combinations of authorization levels but i couldn't make it to work from ESS. It seems that it is working in the backend though, but that is not what i need to do.
Regards,
Sylvain.
This is very much possible and we have done this. you can send an executable email to administrators inbox and when administrator executes this it will automatically go to pa30 where he / she can unlock.
check the authorization object P_PERNR - HR MASTER DATA Personnel Number authorization check and put value S in authorization level for infotype 0006.
you will surely achieve this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Barin,
Actually the 'S' authorization would be for the HR Administrator to validate the data (that is not a problem). What i'm struggling with is the authorization of the employee to modify his own data. I've tried to give the employee authorization level RE or RS, but that doesn't work, it still tells me in the portal that i do not have the right to change or insert data.
How did you set the authorizations for the employee in your own case ?
Thanks,
Sylvain.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.