cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict authorization to certains transactions

Former Member
0 Kudos

Hello, pleasure greet you

This is a doubt about how can evit RH`s users can watch dates of employees that don´t need

I have an authorization object called P_ORGIN, I agree the organization key VDSK1, but it only work at transaction PA30, it doesn´t work at others standard transactions, like S_AHR_61016309, S_ALR_87014135, PC00_M99_CLGA09

How can I configure to can achieve that as well as PA30 can restrict information.. make the same with the others standard transactions...

but i don´t want to add the organization key VDSK1 to each transaction, because is so much information and it is so important, and i think is risky move all this reports

So I relly appreciate that someone could help me

Thanks

Edited by: EliSapteam EU on Sep 10, 2010 9:12 PM

Accepted Solutions (1)

Accepted Solutions (1)

AFS
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi,

so I understand you have set up authorization profiles with object P_ORGIN, and the restrictions just work in transaction PA30 but not in reporting. In that case it could be that the user has also authorization P_ABAP assigned for those reports or for report SAPDBPNP. This authorization object can overpass the standard HR authorization checks. Please read the documentation of this authorization object.

Regards,

Ana

Former Member
0 Kudos

Hi, Ana thanks to answer me

Well, I think I didnt explain fine

That I mean, is that how can i do to restrict information HR by Center

That is to say, One user in Center1, have access at standard HR authorizations, but only can visualize information about Center 1, and not of other Centers. Other user of in Center 2, have access at the same standard HR authorizations but just can visualize information about Center 2.

With the authorization object P_ORGIN when I use VDSK1 like a orgnization key, it work to restrict information by center, but only in transaction PA30 but not in reporting.

Good day..

Edited by: EliSapteam EU on Sep 14, 2010 8:02 PM

ted_dinh
Active Contributor
0 Kudos

I agree with Ana's respond. If P_ORGIN is working within PA30, and not in HR reports, you'lll definitely need to check user's prorfile on P_ABAP object of 'SAPDBPNP'. If the user has this access, it means that for HR reporting using PNP logical dbase, HR authorization will be ignored.

Answers (2)

Answers (2)

Former Member
0 Kudos

better configure a separte role with specific Tcode you want to give and assign to user

Regards

Former Member
0 Kudos

I read the question three times but I can't still figure out what is the requirement.

S_TCODE (and for some HR transactions P_TCODE) controls access to transactions.

P_ORGIN controls infotype access to employees. You need to understand infotype concept and personnel structure to use it.

P_PERNR controls access to own data (make sure that PERNR switch is set on in transaction OOAC).