HR Authorization : Custom Authorization Object  for P_ORGIN

Similar Messages

• How to create custom BOL object for dynamic query in CRM 7.0

  Hi,
  Could anyone please explain me with steps that how to create the custom BOL object for dynamic query in CRM 7.0, I did it in previous version but its throwing exception when i try to create the object of my dynamic query class. I just defined the entry of my in crmv_obj_btil to create the dynamic query BOL object. do i need to do any other thing also to make it work?
  Regards,
  Kamesh Bathla
  Edited by: Kamesh Bathla on Jul 6, 2009 5:12 PM

  Hi Justin,
  First of thanks for your reply, and coming to my requirement, I need to report the list of items which are there in the dynamic select statement what am getting from the DB. The select statement number of columns may vary in my example for different countries the select item columns count is different. For US its '15', for UK it may be 10 ...like so, and some of the column value might be a combination or calculation part of other table columns (The select query contains more than one table in the from clause).
  In order to execute the dynamic select statement and return the result i choose to write a function which will parse the cursor for dynamic query and then iterate the values and construct a Type Object and append it to the pipe row.
  Am relatively very new for these sort of things, welcome in case of any suggestions to make it simple (Instead of the function what i thought to work with) also a sample narrating the new procedure will be appreciated.
  Thanks in Advance,
  mallikj2.

• How to find the right customizing adapter object for a R3 table?

  I customized a document type ZCRM in the R/3. Now i want to do the synch load for document types using R3AS to see if it goes to the CRM system.
  When i check TR VOV8 in R/3 customizing,  i see that table TVAK is used in R/3  to store my document type ZCRM
  Then i try to find out, to which customizing adapter object table TVAK belongs. It is described in course TCRM20 Unit 9: I check table SMOFTABLES in the CRM system using TR SE16 and search in the column R3TABNAME for tablename TVAK. But it isn´t there...
  What am i doing wrong? How can i transfer my document type?
  Thank you

  Thanks - you are right - document types/transaction types and item categories cannot be transfered at all
  I just transfered customizing adapter object DNL_CUST_PRICE because R/3 table T052 (payment terms) is included in this adapter object. I customized payment term ZCRM in R/3. A check shows a green light. Now i want to check in which table in CRM my payment terms landed?
  Table T052 does not seem to exist in CRM.
  A detail insight in adapter object DNL_CUST_PRICE  by transaction R3AC3 to check the target table in CRM shows an empty column 'Mapping structure target site'. Where could i look?
  Thank you

• Customizing replication object for customer group setting

  Hi All,
  We need to download customer group values & Material Groups values maintained in SD customizing to CRM sales.
  Could not able to get customizing object which can be used to download these customizing using R3AS.
  Please help.
  Thanks & Regards,
  Dhanraj Dange

  try Tx r3ac1 and r3ac3.

• Custom Lock objects few question issues

  Hello guys , i create a custom lock object for my z tables ( ZFISGC_MCFG )  which have 3 key field
  MANDT
  ID_EMPRESA
  CL_MVTOSGC
  now in my program doing testing i put a break point after the ENQUEUE_ of the lock object
  then when i go to the sm30 and try modif the value of the entry using the same key i pass to the ENQUEUE_ fm i can modif and save the entry now i am now if that is the right workflow in custom object lock or if i am doing something wrong , this is how i can the enqueue FM:
  call function 'ENQUEUE_EZFISGCOBJECT'
  EXPORTING
     MODE_ZFISGC_MCFG       = 'E'
     MANDT                  = SY-MANDT
     ID_EMPRESA             = p_bukrs
  *   X_ID_EMPRESA           = ' '
  *   _SCOPE                 = '2'
  *   _WAIT                  = ' '
  *   _COLLECT               = ' '
  EXCEPTIONS
     FOREIGN_LOCK           = 1
     SYSTEM_FAILURE         = 2
     OTHERS                 = 3
  if sy-subrc <> 0.
  * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  endif.
  Thanks

  You have to remember that SAP locks are logical locks, not physical. This means that whatever you enqueue is not physically locked from changes. You have to ensure that any program that tries to update your table, first checks these locks and stops the update if it finds that it is already locked.
  Rob

• Global list of all custom/developed objects

  Hi all!
  We need to get a list of all custom objects of a SAP systems.
  First time we think accessing TADIR to get all repository objects of the system and after this access, get all atributes for any of the retrieved objects.
  Example:
    To a report, access TADIR and TRDIR dictionary tables. in TADIR use class of development custom or in TRDIR any of the user that don't belongs to SAP.
  But this solution to the problem is very effort and we should access so too many tables for the objects to get their attributes.
  Second time, we think filtering the objects using their namespace with FM TR_CHECK_NAME_CLASS, but this option jumps some objects, like VOFM generated objects or customer exits form VA01 transaction.
  Do any of you know the way of extracting a list of all Custom/developed objects for a System?

  Hi,
  Just check if this suffices.
  REPORT  zobjects no standard page heading
  TABLES:TADIR,TSTC,V_USERNAME,VRSD.
  TYPE-POOLS:slis,VRM.
  TYPES: BEGIN OF ittemp,
         object    LIKE tadir-object,
         obj_name  LIKE tadir-obj_name,
         text      LIKE trdirt-text,
         author    LIKE tadir-author,
         devclass  like tadir-devclass,
         name_text LIKE v_username-name_text,
         tcode like tstc-tcode,
         korrnum like vrsd-korrnum,
         END OF ittemp.
  DATA: itfinal TYPE STANDARD TABLE OF ittemp WITH HEADER LINE,
        wafinal   TYPE ittemp.
  DATA : name  TYPE vrm_id,
        list  TYPE vrm_values,
        value LIKE LINE OF list.
  DATA:itfieldcat TYPE slis_t_fieldcat_alv WITH HEADER LINE.
  DATA:itrepid TYPE sy-repid.
  itrepid = sy-repid.
  DATA:itevent TYPE slis_t_event.
  DATA:itlistheader TYPE slis_t_listheader.
  DATA:walistheader LIKE LINE OF itlistheader.
  DATA:itlayout TYPE slis_layout_alv.
  DATA:top TYPE slis_formname.
  DATA:itsort TYPE slis_t_sortinfo_alv WITH HEADER LINE.
  SELECTION-SCREEN BEGIN OF BLOCK B1 WITH FRAME TITLE TEXT-001.
  PARAMETER: PACKAGE LIKE TADIR-DEVCLASS.
  SELECTION-SCREEN END OF BLOCK B1.
  START-OF-SELECTION.
  PERFORM getdata.
  PERFORM alv.
  *&      Form  GETDATA
        text
  FORM getdata.
  read the repository object table and link with username if found
  SELECT tadir~object
          tadir~obj_name
          trdirt~text
          tadir~author
          tadir~devclass
          v_username~name_text
          INTO TABLE itfinal
          FROM tadir
          LEFT JOIN v_username
          ON tadirauthor = v_usernamebname
          LEFT JOIN trdirt
          ON tadirobj_name = trdirtname
          WHERE tadir~devclass = PACKAGE
          "'$TMP'
          AND ( tadirobj_name LIKE 'Z%' OR tadirobj_name LIKE 'Y%' ).
  CHECK sy-subrc EQ 0.
  loop at itfinal.
  *TCODE FROM TSTC
  select single tcode from tstc into (itfinal-tcode) where pgmna =
  itfinal-obj_name.
  *LATEST TRANSPORT REQUEST NUMBER FROM VRSD
  select single korrnum from vrsd into (itfinal-korrnum) where objname =
  itfinal-obj_name.
  modify itfinal.
  endloop.
  delete itfinal where korrnum is INITIAL.
  SORT itfinal BY author object.
  ENDFORM.                    "GETDATA
  *&      Form  ALV
        text
  FORM alv.
  IF itfinal[] IS INITIAL.
      MESSAGE 'No Values exist for the Selection.' TYPE 'S'.
      STOP.
    ENDIF.
    DEFINE m_fieldcat.
      itfieldcat-fieldname = &1.
      itfieldcat-col_pos = &2.
      itfieldcat-seltext_l = &3.
      itfieldcat-do_sum = &4.
      itfieldcat-outputlen = &5.
      append itfieldcat to itfieldcat.
      clear itfieldcat.
    END-OF-DEFINITION.
    m_fieldcat 'OBJECT' ''   'OBJECT' ''       04  .
    m_fieldcat 'OBJ_NAME' '' 'PROGRAM NAME' '' 40 .
    m_fieldcat 'TCODE' ''    'TCODE' ''        20 .
    m_fieldcat 'TEXT' ''     'DESCRIPTION' ''  70 .
    m_fieldcat 'AUTHOR' ''   'AUTHOR' ''       80 .
    m_fieldcat 'DEVCLASS' '' 'PACKAGE' ''      30 .
    m_fieldcat 'KORRNUM' ''  'LATEST TRANSPORT REQUEST' '' 20 .
  itlayout-zebra = 'X'.
  itlayout-colwidth_optimize = 'X'.
    CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
        EXPORTING
          i_callback_program      = sy-repid
          is_layout               = itlayout
         i_callback_user_command =  'LIST1'
          i_callback_top_of_page  = 'TOP'
          it_fieldcat             = itfieldcat[]
          i_save                  = 'A'
       is_variant              = ITVARIANT
          it_events               = itevent[]
       is_print                = ITPRINTPARAMS
          it_sort                 = itsort[]
        TABLES
          t_outtab                = itfinal
          EXCEPTIONS
          program_error           = 1
          OTHERS                  = 2.
    IF sy-subrc <> 0.
      MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
              WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
    ENDIF.
  ENDFORM.                    "ALV
  *&      Form  TOP
      Top of page for ALV Report
  FORM top.
  DATA:STRING1(70),
       STRING2(70),
       title1(100),
       title2(100),
       count(10).
  describe table itfinal lines count.
  CALL FUNCTION 'REUSE_ALV_EVENTS_GET'
       EXPORTING
          i_list_type           = 0
       IMPORTING
          et_events             = itevent
  EXCEPTIONS
    LIST_TYPE_WRONG       = 1
    OTHERS                = 2
    IF sy-subrc <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
          WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  string1 = 'List of Objects in Development Class'.
  concatenate string1 ':' itfinal-devclass into title1.
  walistheader-typ = 'H'.
  walistheader-info = title1.
  APPEND walistheader TO itlistheader.
  string2 = 'Total No.of Objects'.
  concatenate string2 ':' count into title2.
  walistheader-typ = 'H'.
  walistheader-info = title2.
  APPEND walistheader TO itlistheader.
    CALL FUNCTION 'REUSE_ALV_COMMENTARY_WRITE'
      EXPORTING
        it_list_commentary      = itlistheader
      I_LOGO                   = ''.
      I_END_OF_LIST_GRID       =
     ENDIF.
    CLEAR itlistheader.
  ENDIF.
  ENDFORM.                    "TOP
  *&      Form  list1
        ALV Interactive-
       -->R_UCOMM    text
       -->RS_SELFIELDtext
  FORM list1 USING r_ucomm LIKE sy-ucomm rs_selfield TYPE slis_selfield.
    CASE r_ucomm.
      WHEN '&IC1'.
        IF rs_selfield-fieldname = 'OBJ_NAME'.
          READ TABLE itfinal INDEX rs_selfield-tabindex.
          SET PARAMETER ID 'RID' FIELD itfinal-OBJ_NAME.
          CALL TRANSACTION 'SE38' AND SKIP FIRST SCREEN.
        ELSEIF rs_selfield-fieldname = 'TCODE'.
          READ TABLE itfinal INDEX rs_selfield-tabindex.
          SET PARAMETER ID 'TCD' FIELD itfinal-TCODE.
          CALL TRANSACTION 'SESSION_MANAGER' AND SKIP FIRST SCREEN.
       ENDIF.
    ENDCASE.
  ENDFORM.
  K.Kiran.

• Custom Authorization Object for HR

  Hi,
  As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
  Your help will be appreciated.
  Thanks,
  Mandeep Virk

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
  but still it is taking the P_ORGIN object.

• Custom authorization object and check logic

  Hi gurus,
  we need to apply additional authorization check in our custom reports.
  so i created a custom fields & object, and put the statement
        AUTHORITY-CHECK OBJECT 'ZHR_APP01' FOR USER uname
                 ID 'ZROLEID' FIELD '03'
                 ID 'ZSOBID'  FIELD zzdwbm.
  in a abap class method centrally, so it could be called by many reports.
  but the test show that the sy-subrc always set to 0, even for users without any authorization.
  what i missed for adding custom auth check?
  for this case, do i need to maintain authorization check indicator in SU24?
  what i am confused is that , su24, you have to maintain a transaction , but our authorization check is not for transaction , but for reports and bsp application, how should i maintain su24 for that?
  thanks and best regards.
  Jun

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
  but still it is taking the P_ORGIN object.

• How to add custom authorization object to a SAP standard transaction

  Hi All,
  I have a standard tcode IW22 (change PM Notification) and I would lock changing when some users modify the field Functional Location (field TPLNR).
  Since this field does not have an authorization object associated, I've tried to solve this problem with the following steps:
  - tcode SU20 - creation of new authorization field TPLNR with data element TPLNR
  - tcode SU21 - creation of  a new auth object in transaction SU21 with name ZPM and field (TPLNR, ACTVT and TCOD)
  - tcode SU24 - insert of new authorization field e check indicator (green)
  - tcode SU22 - check indicator - check (green)
  After this we have created a new role with PFCG and add transaction IW22; the new auth.ZPM was added manually.
  We have try to analyze log (ST01 trace) but it seems no check was made in the trace file.
  It seems new authorization object was not checked.
  My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  Thanks
  Maurizio

  > My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  >
  No .. not possible. The list of Auth. objects SAP proposed in SU24 for each Stnd. SAP TCodes are basically documentation of the Authority-Checks in the program for that TCode. The extra advantage of SU24 is to set the object status (means the proposal for availability in PFCG) among any of the four check indicators. So that we can provide our own value (customer specific values which are basically defined and separate from sap provided values) and reinforce the authorization concept of the organization.
  So you need to provide a Authority-Check for ZPM in the program of IW22 to make sure that the fields you want to be checked are really being checked during execution of the tcode.
  Regards,
  Dipanjan

• HR custom authorization objects

  Is it possible to have more than one custom HR authorization object active at the same time? For example if I need 2 custom variations of P_ORGINCON (I  have some very complex requirements),  is that possible, or am I limited to just 1? Having more than 1 seems to present a problem when I run RPUACG00 to generate include MPAUTCON. It overlys the code generated fo the first cusom object with code for the second object, therefore only allowing cgenerated code to exist for 1 of the objects.
  And one additional question - when I create a custom HR object (one which contains infotype, subtype, persg, persk etc), am  I limitied to only using fields from PA0001 in that object?  If I include some other field that does not exist on PA0001, when I run RPUACG00 it gives me the error "Field xxx is not allowed  in authorization object Z_xxx".
  Many thanks,
      Mike

  One example of a  requiremnet I have is for a manager to have 3 different types  of authority based on when a position was in his org structure. So if a position is currently in his org structure he might have WRITE access to their infotype 2,6,8... for positions that were in his org strucure between 1 and 60 days ago (but are not in his structure as of today) he might have WRITE access to their infotype 2 and 6 and READ access to other infotypes, and for people that were in his structure 61-9999 days ago, he might have only READ  access to all the position's infotype data.
  I was thinking of using 3 disctinct HR authorization objects to cover each of these 3 scenarios, but ran into the issue mentioned above with the generation program RPUACG00.

• HR custom authorization issues/BADI to be used for some customization

  We can develop custom authorization object in HR and run RPUACG00 to generate include MPAUTCON.Is it possible to include some customizations to the MPAUTCON program to accomplish some of our requirements.
  If not can you please suggest me a BADI/User exit which can be used to develop some customization on a specific field, which can be called at the times the HR Master data is being changed/displayed/created.
  Thanks in adavnce for the answers.

  Hi Kiranm,
  the MPPAUTCON program (or MPPAUTZZ in non-contextual mode) is automatically generated by the RPUACG00 report.
  But you can modify it to add custom controls.
  Best regards.

• What is standard authorization object for  Personal development  P_PLOG

  Hi,
  Recently i got a object in HR and i dont have any experince in HR.Could you guide me how to asssign standard authorisation object for the personal development p_plog? how to see the infotypes and what is the header field in innfotypes?

  1-First of all the object is "PLOG"  for personal planning. There’s no object with  p_plog , most of time to maintain HR master we use object P_ORGIN.
  2- You want to assign authorization for certain infotypes?
  if yes, you have to go TR.PFCG  and assign the authorization to that specific role.
  Now you might have question , how you’ll will track down the roles against the authorization object .
  There’re several ways , you can go to Tr.SUIM and find reports by user , roles etc.
  You can also go SE16-> give table AGR_1251, give object and you can see the values in table.
  After finding the suitable roles you can go to PFCG and assign the values to the roles.
  As a good practice its better to create your OWN role Z:hrXXXX and assign it to users.
  Hope this’ll give you idea!!
  <b>P.S award the points.</b>
  Good luck
  Thanks
  Saquib Khan
  "Knowledge comes but wisdom lingers!!"

• SRM 7.0 authorization objects for table maintenance

  Hi guys,
  I wanted to know how authorization objects work in SRM.
  I created a custom table which key filed is company code (BUKRS). And in the table maintenance view I have to add an authorization object based on the company code.
  Is it possible to do that in SRM?
  Thanks!!

  Hi,
  Authorization concept is same for all ABAP based application. Do you have any issue in SRM?
  Regards,
  Masa

• Authorization Object For Activate Reservation/Purchase Req - IW31

  Hi,
  I want to authorize only certain users to use button  "Activate Reservation/Purchase Req" IW31 transaction. What is the Authorization Object for the above mentioned button, if any. Is there any other way that i can do this activity in customizing? I am using ECC 6.0
  We find that activating the objects below (suggests- SU24)
  M_BANF_BSA
  M_BANF_EKG
  M_BANF_EKO
  M_BANF_WRK
  allowed in IW31, that 'not-authorized-users' would not be able to create purchase requistions. therefore: no material procurement.
  But for reservations, we didn´t find  the object in  IW31.
  Thanks and regards
  Gabriel.
  Edited by: Gabriel_Fornazier on Dec 31, 2010 12:16 PM

  Olá Michely
  Segundo a SAP não existe objeto de autorização em BASIS para restringir por usuário o botão da transação IW31 que eu precisava(Ativar Reserv./Req. de Compra). Portanto segundo a SAP, poderia usar a ampliação IWO10006 para resolver isso.
  E foi o que fiz. Primeiramente criei manualmente um objeto de autorização 'Z'  dummy, para atribuir a um usuário que não quero que enxergue o botão.   'DISP' o nome do botão(dar F1 no mesmo) que desejo esconder.
  Posteriormete na EXIT desenvolvi o seguinte código para esconder o botão:
  AUTHORITY-CHECK OBJECT 'Z_VORG_ORD'
             ID 'ZBETRVORG' DUMMY.
  IF SY-SUBRC EQ 0.
    FCODE_EXC_CUST-FCODE = 'DISP'.
    APPEND FCODE_EXC_CUST.
  ENDIF.
  Portanto, todo usuario que tiver aquele objeto de autorização ''Z'' no seu perfil não vai exergar o botão Reserv./Req. de Compra.
  Essa é a melhor solução do que usar objetos de autorização de outras transações.
  Espero ter ajudado
  abraços,
  Gabriel M. Fornazier
  SAP FI Certified Professional
  Minas Gerais - Brasil

• Authorization object for Command Button

  Hi all,
  How can I create the Authorization object for command button which is on application server.
  if you do not have auth when you click on that command button, it should be say 'you dont have auth'.
  please help me in this.
  regards,
  Ajay reddy

  Hi,
  Tcode for Authorization Objects are,
  su20----> for defineing authorization field ,
  su21-----> for authorization class,
  su22------> for assignement authorization object
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  Regards,
  hema.