cancel
Showing results for 
Search instead for 
Did you mean: 

PHAP_ADMIN_PA & Structural Authorizations

Chris_Thomas
Participant
0 Kudos

Good Morning all,

I am investigating the PHAP_ADMIN_PA transaction and how we will be able to use the functionality in administration of the performance review cycle.

The transaction does not seem to be subject to structural authorizations when I test it using a user having a PDPROFILE limited to a small set of organizations. The user can see all reviews. We want to limit the user's to ONLY be able to see people for whom they have authorization.

I cannot find any documentation to speak of regarding PHAP_ADMIN's use of security objects, etc..

Any feedback out there ? Just curious if anyone else has traveled this path and figured out the way to secure.

Chris Thomas

Duke University

Accepted Solutions (0)

Answers (2)

Answers (2)

Chris_Thomas
Participant
0 Kudos

I have confirmed that the PHAP_ADMIN transaction does indeed use the structural authorizations when the user selects any appraiser, appraisee or further participants.. If the user does not attempt to limit the selection of reviews by any of those parameters, and simply selects a template, the transaction returns all performance reviews, regardless of authorizations.

Does anyone have any suggestions on this front ?

Chris Thomas

Former Member
0 Kudos

Hi,

PHAP_ADMIN in the original design/version did not even take authorization on consideration at all. If you had access to the transaction then you could do anything. The transaction is/was not mend to be used by normal employees/managers. For that we have the phap_change.

What functionality from the phap_admnin are you after, which is not available in the phap_change?

Another problem with the phap_admin is that it completely ignores the column/row access and just gives you the highest possible rights. Also this is per design and wanted behavour, and another reason not to assign it to normal users.

Side note: At a customer who wanted to perform certain actions, like mass-status change, but did not want to assign phap_admin due to the above reasons I created a few implementations that did the admin functions and included them in the phap_search transaction.

So the customer had full access to admin functions combined with structural auth.

Regards and Groetjes,

Maurice Hagen

Chris_Thomas
Participant
0 Kudos

Thanks Maurice,

What I had in mind was that each of the entities (Hospitals, clinics, etc) would have an administrator. Each of those admins already have structural authorizations limiting them to their area. My desire would be for phap_admin to limit them to ONLY the People (appraisees) to which they have authorization.

In thinking further, we may be able to get away with a combined PHAP_Search for dumping data/reporting and phap_admin to update specific reviews

I will prototype with the search function a bit next as I've not done anything with it to date.

Thanks for your insight,

Chris

Former Member
0 Kudos

Hi,

Can you check if you have the u201CNo Authorization Check for Appraiseru201D flag turned on in the processing tab for your template (VA)? If yes, you can try turning it off. System should then check all the user authorizations and grant access accordingly.

Hope this helps.

Donnie

Chris_Thomas
Participant
0 Kudos

Hi Donnie,

We turned the No Authorization Check for Appraiser ON because our manager's don't manage direct reports based on the organizational structure. We are matrixed all over, so Manager's need to be able to see direct's reviews regardless of structural authorizations.

Am I reading this checkbox correctly ?