cancel
Showing results for 
Search instead for 
Did you mean: 

ABAP: Modify PA infotype without authorization check

jensupetersen
Participant
0 Kudos

Hello everyone,

Short version:

I know two FM that can modify PA infotype data:  HR_MAINTAIN_MASTERDATA and HR_INFOTYPE_OPERATION. However, neither of those includes a parameter that allows using them without them automatically checking authorizations (like you can do with, say, FM RH_INSERT_INFTY which has parameter AUTHY to disable authorization checks but only works with OM infotypes, but not PA infotypes).

Does anybody know a solution?

Long version:

We want the travel department to be able to maintain infotype 17, and only infotype 17. In fact, there are only two fields there that need to be maintained in our company. That department should not have access to any other infotypes, and we are not going to give them PA30. On the other hand, they shall be able to do so for any employee, no matter from which personnel area, subarea, and organizational unit.

So I have created a small program with a mask specifically tailored to their needs. But we do not want to give them any PA authorizations. Giving them P_ORGIN to infotype 17 might not be a big deal, but then we would also need to give them structural authorization to all companies (= org units and personnel areas). Unlimited structural authorization is a big deal, and I would rather avoid granting that to someone who is not supposed to be doing anything but this tiny bit in HR. The only authorization that I would like to see in place is transaction authorization for my program. Anyone who has that should be allowed to maintain these IT 17 fields for any employee, but nothing else.


The problem is that upon writing the data, FM HR_INFOTYPE_OPERATION auto-checks the authorization required for maintaining the infotype, including structural authorization, and so does FM HR_MAINTAIN_MASTERDATA, as far as I understand. Is there an alternative I could go for?

View Entire Topic
jensupetersen
Participant
0 Kudos

Thanks all so far.

BDC most obviously does authorization checks (as it is but a simulation of regular manual input) and is therefore no solution.

What I have stumbled across now is the function group HRECM00INFTYACCESS. FM HR_ECM_INSERT_INFOTYPE (or HR_ECM_MODIFY_INFOTYPE), followed by HR_ECM_FLUSH_INFOTYPE, appears to do the job nicely and does have an import parameter NO_AUTH_CHECK. Does anybody know anything about these FM? Are they safe to use? Are there any drawbacks to them? What does "ECM" stand for?

0 Kudos

ECM stands for Employee Compensation management and is one of the SAP HR module.

But I doubt you can use ECM specific function module to modify/insert infotype 17 values as below are the main infotypes for ECM module.

 

Employee Infotype

 

Description

0758

Compensation Program

0759

Compensation Process

0760

Compensation Eligibility Override

0761

LTI Granting

0762

LTI Exercising

0763

LTI Participant Data