cancel
Showing results for 
Search instead for 
Did you mean: 

Question about authorization

Former Member
0 Kudos
98

In our company we use the Organization Key to define the authorization. But a user can't use Query to display the employee's data in the period in which the employee's Org Key is included in the user's authorization, on the other hand the user can display that employee's data by PA20.

Example, a emloyee's Org Key is 10000000 in period 2006.01.01 - 2006.12.31, 20000000 in period 2007.01.01 - 9999.12.31. A user has the authorization for Org key 10*. When the user run the Query display the data in period 2006.01.01 - 2006.12.31, the employee mentioned above can't be displayed. But the user can use PA20 to display the employee's data in period 2006.01.01 - 2006.12.31.

So I want the Query do the same work as PA20, Can anybody help me to solve this problem?

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
0 Kudos

Try activating partial authorizations for queries.

Former Member
0 Kudos

Hi, vick,

Could you give me more detail? How to set partial authorizations for queries?

Thanks a lot!

Former Member
0 Kudos

Hi, John

I designated explicitly both of the data and person selection period. It doesn't work.

Former Member
0 Kudos

Hi Dan,

Actually, after a more thorough read of the "Authorizations in mySAP HR" document it appears this is intended behaviour, so fiddling with the query dates won't help.

In a nutshell, the technical authorisation check that occurs when ORGXX is switched on just reads in the Infotype 0001 records and checks if the user has responsibility for the personnel numbers. I assume that means whether the administrator has responsibilty for the employee NOW.

So a gaining administrator can see all of their data, even for periods they had no responsibility, but the losing administrator doesn't see anything!

Just to complete the picture, there is a switch in table T77S0 called AUTSW ADAYS which seems to control how long the losing administrator can see the employees data. I think by default this is set to 15 days.

Sorry I can't be more help, but I generally avoid using ORGXX.

Regards,

John

Former Member
0 Kudos

Hi, John

I think there is a little misunderstanding. In fact we usr the authorization object P_ORGIN, not P_ORGXX. The 'Administrator' mentioned in my post doesn't indicate the administrator field in infotype 0001, it just means sombody who is responsible for HR master data.

We use the VDSK1 of P_ORGIN to control the access to persons' master data, and the Org Key( VDSK1) field in infotype 0001 is same as Org Unit. So we define the different authorization for different organization by this way.

Former Member
0 Kudos

Hi Dan,

Ok, got you now. In any case, I think you will find that the "period of responsibility" technical authorisation check works exactly the same way with P_ORGIN.

Regards,

John

Former Member
0 Kudos

HI, Om Prakash

I had tried the Structure Authorization, but the result is same as using Org Key.

Former Member
0 Kudos

Dan,

Are you using Adhoc Query or predefined SAP Queries (i.e. SQ01)?

I think the problem you are having could be due to the "person selection dates" being used to run the queries.

As far as I know, both query tools allow you to specify both person selection and data selection dates. So, in your example above the person selection dates in the query would need to cover at least part of the period that the administrator had access to the particular employee, or their authorisations would prevent anything from being displayed.

Regards,

John

Former Member
0 Kudos

Hi, Jaanu Shree

In another word, my problem is following. A administrator is responsible for one organization, example, the Org A. So the administrator can use Query to display the data of persons who are belong to the Org A, He has no authorization to display the person who are belong to Org B. But what happen when a person is transfered from Org A to Org B? I found that the Query can't display this person's data, including the data in the period in which the person belong to the Org A. But PA20 can. So I want the Query also to diplay the data in the period in which the person belong to the Org A, How could I do?

Anybody can help me? Thanks!

Former Member
0 Kudos

Hi Dan

Please check the table T526 and also check the feature of PINCH and VDSK1 pinch is for administrator group and vdsk1 is for organization key authorization . Sp Please check this.

bye

Naveen

Former Member
0 Kudos

Hi Dan.

I hope, in that case you can use the Structural authorization. Then system will display the records of the employee under him, but important aspect is selection period. You have to select the period, in which he was in the Organization.

Good Luck

Om

Former Member
0 Kudos

Hi,

Your question is soemwhat difficult to understand. Can you elaborate it?

You have given the authorizations to display through Query for Ork Key 10*. Even then it is displaying, am I right?

Cheers,

JS