Authorization check in LDB PNP

Hi All,
I am using logical database PNP in my report program and GET PERNR to fill the infotype tables. Infotype level authorization checks are performed but not Org data level (organizational assignments). The role assigned to me has access to data of specific personnel areas but I am able to retrieve data of all personnel areas (this was maintained in the authorization object P_ORGIN).
I read the level of simplification should have a value 1 in the authorization object P_ABAP for Org Level authorizations to be performed. I have updated my role but still org level authorizations are not performed.
Can you please let me know if  any special setting are to be done like in Tcode OOAC or set some flags/parameters in the report program to perform org data level authorization.
Any information provided will be really helpful.
Thanks,
Pavan

Hi,
A separate ID was created in an environment similar to production and proper authorization were assigned to it (I mean roles with authorization objcts P_ABAP - level of simplfication 1 and P_ORGIN - restricting based on personnel area). Still Org level authorizations were not performed while using the LDB PNP. Is there anything I am missing?
Thanks,
Pavan

Similar Messages

  • Macro to switch off authorization check in LDB

    Hello Folks,
    Could anyone share the macro to switchoff autorization check in LDB for a particular program.
    Regards,
    Nishanth Kumar

    not answered

  • Skipping Authorization check in LDB

    Hi Experts,
    I have developed a report using PNPCE LDB which displays organizational data and data from infotypes 0000,0001,0006,0017,0019,0020,0027,0105,0315 in the form of ALV.
    Currently, if the person who runs the report doesnt have authorization for any of the above infotypes, the report completely errors out with message 'No authorization for infotype xxxx' . this happens in GET PERAS in method CHECK_MIN_INFTY_AUTHORIZATION of class CL_HRPAD00AUTH_CHECK_STD.
    but my client wants the different functionality. If the person who is running the report doesnt have authorization for any particular infotype (for ex 0002) then data from that infotype should not appear in the output but data from other infotypes for which he has authorizations should be displayed.(error message should not be displayed).
    Please suggest me how to meet above requirement.

    Hi
    Try setting the PNP_SW_SKIP_PERNR to 'N' Initialization.

  • LDB PNP authorization check authorization object

    Hi,
    I have used LDB PNP for HR reports.
    We are using the authority check also, but the problem is all the records/data for all the people is being read by the report where some of the people data should not have been read as they belong to some other personal area that the role of the executer (user).
    Hence it appears that authorization check is not working properly.
    Following is how I am using it, Please suggest corrections or alternate way to correct this issue.
        rp-provide-from-last p0002 space gwa_outlist-begda 
                                                        gwa_outlist-begda.
        IF pnp-sw-found NE '1' OR
            pnp-sw-auth-skipped-record EQ '1'.
            EXIT.
        ELSE.
            ls_tab-vorna = p0002-vorna.
            ls_tab-nachn = p0002-nachn.
        ENDIF.
    Please reply with the corrections ore alterations,
    Thanks in advance.
    Akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

  • LDB PNP authorization check at record level - rp_provide_from_last

    hi,
    i am using LDB PNP,
    I am using macro 'rp-provide-from-last' .
    I neeed to place a authorization check so that the user of the program should only be allowed to view records of the people which comes under the same personnel area as of the user of the program.
    Can you please guide me on how to implement this?
    thanks in advance,
    akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Coding ABAP using LDB PNP and authorizations problems

    This post requires a blend of ABAP and HCM skills.
    When coding my own ABAP using LDB PNP, the LDB will provide me with the employees selected but will skip those for which I do not have access (regarding Authorizations settings) to one or more of the infotypes declared in the program.
    As a programmer I would like to receive from the LDB the information that an employee is skipped so that I can handle the exception.
    Do you know how can I get this information from the LDB?
    Thanks

    I dont know if PNP can do it but PNPCE can:
    at END-OF-SELECTION call macro PNP_GET_AUTH_SKIPPED_PERNRS
    it will provide a list of skiped PERNRs
    for further info see docu PNPCE

  • How to use LDB PNP with ABAP objects in a program

    Hello,
    I am wondering if anybody has used the HR logical database(LDB) PNP with user defined ABAP objects in a program? I am using the FM- <b>LDB_PROCESS</b> but its not working. Also assigning PNP in the attributes section of the program -- so that I can use predefined fields from the LDB and then invoking the FM doesn't work -- throwing 'Logical database already active' error.
    I suppose even with the ABAP objects and the new FM -- I should still be able to utilize the pre-defined fields of the PNP database -- and also the built in authorizations. I cannot use GET PERNR and REJECT as they give errors. I understand that the use of HR-macros (RP-PROVIDE-FROM-LAST and et al.) are not allowed as they use the table work area -- which is not allowed in ABAP-OOPS.
    I would really appreciate if anyone could show me some insight regarding this. Thank you.
    Kshitij R. Devre

    Hi Kshitij
    It would be really good if we could use both together. But as I know, it is not possible. "GET pernr." is an event-like loop statement and so cannot be used in OO context. And I guess, the same restriction holds for the "LDB_PROCESS" since it uses LDB-specific processing.
    What I suggest you is to use standard and BAPI functions.
    Sorry for giving bad news...
    *--Serdar

  • Get pernr in screen 900 for ldb PNP

    hi All,
    I have created a program in HR-ABAP using ldb pnp and I have used the screen 900 [for get payroll]  Now for few employees when I use GET pernr, its nt giving ne results. as in the the program goes to end of selection. Now wen i change the screen to normal [ blank or 000], the get pernr for same employees gives me results. Can someone please explain the reason for above?
    thanks,
    RS

    Check whether the payroll run has taken place for the input employee numbers you are giving.
    You can check in the Tcode PC_PAYRESULT.

  • Get pernr in creen 900 for ldb PNP

    hi All,
    I have created a program in HR-ABAP using ldb pnp and I have used the screen 900 [for get payroll]  Now for few employees when I use GET pernr, its nt giving ne results. as in the the program goes to end of selection. Now wen i change the screen to normal [ blank or 000], the get pernr for same employees gives me results. Can someone please explain the reason for above?
    thanks,
    RS

    Hi Reena
    Check the status of employees for no result is displayed in 900 screen. Either they are active or payroll is run or not. That might be one of the reason. Another reason can be they are being open for the changes.
    Regards
    Waz

  • Transport of 'Report category Assignment' for LDB - PNP

    Hi,
    I am using LDB - PNP for a HR report. The screen works fine in the development server.
    Once Transported to Quality and Production servers the screen changs to something else completely. 
    <b>I see that HRIN0013 under 'Report category Assignment' ( found in Attributes of program ) is not transported to
    to quality server. How can transport HRIN0013  to
    to quality server? </b>
    I have used 'Report category Assignment'  X__X2201 and it works fine.
    I need your assistance on this. Help will be highly appreciated.

    Hi sanchit,
    1. This report category HRIN0013
       must be a sap standard report category,
       which must be a part of the LDB program.
    2. Just check out in your QA and production servers,
      whether this HRIN0013 is available for
      selection or not,
       in the same screen, u mentioned.
      ie. se38 -- 'Report category Assignment' Button
      ( found in Attributes of program
    regards,
    amit m.

  • Logical Data Base- Authorization Check

    Hi,
        Please tellme when is the authorization checked if the LDB is used in the program. If I am not using 'GET PERNR' statement in the START-OF-SELECTION then will this authorization check will be performed for the data being extracted from the Data base using select statement.
    Waiting for reply,
    Shwetambari.

    HI,
    No it won't perform if you write the select statment, when you write the code GET PERNR, then internally it will get the data based on the Auth check and a SET PERNR will be triggers. so better to use the GET statment
    Regards
    Sudheer

  • SU22 authorization checks

    Hello,
    We are looking at solving all Priority 1(RED) and Priority 2(YELLOW) errors appearing in SU22 for release 6 and 7.
    I have some understanding of how the errors come up.
    I have a few concerns.
    1) How do we decide whether to set proposal value as YS or NO for particular object for that transaction, what are different parametrs that we are concerned about?
    2) Some transactions have Priority 1 error , even if there is one authorization object with propsal as MAINTAINED status as NO (As per my understanding it should be priority 2).
    3)Most priority errors have problem of being all object's status set as Check + NO.
    How do we solve this?
    4) Some transactions are not associated with any objects and are shown as priority 1 , how to deal with this?
    Also send links if I can find documenation specific to these objects,
    something .<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/fe/73ba3bd14a6a6ae10000000a114084/content.htm">as specific as for PLOG</a>
    We need this urgently, please help
    Thnaks,
    Samir

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Obsolete statements while using LDB PNP

    Hi,
    I am using LDB PNP, while extended program check it is showing  many obsolete statements like-
    tables : PERNR.
    infotypes
    RP_PROVIDE_FROM_LAST.
    What is the alternate to all these above statements.
    I searched the forum, but could not found anything. Please provide example.
    Thanks,

    That will bevary from system settings, In the standard reports, it will never give you the error/warning/informaton messages. But custom programs it will give as a absolete, But i can see many experts will use the these Macro's, We are doing world largest HR implemetation, Still we are using the same, Not a problem, you can avoid those messages.
    Only one way of avoiding is Using Provide statements.
    Regards,
    Mallikarjuna

  • Check the ldb

    How to check the ldb in a database table

    Hi this may be helpful 4 u.
    A logical database is a special ABAP/4 program which combines the contents of certain database tables. You can link a logical database to an ABAP/4 report program as an attribute. The logical database then supplies the report program with a set of hierarchically structured table lines which can be taken from different database tables.
    LDB offers an easy-to-use selection screens. You can modify the pre-generated selection screen to your needs. It offers check functions to check whether user input is complete, correct, and plausible. It offers reasonable data selections. It contains central authorization checks for data base accesses. Enhancements such as improved performance immediately apply to all report programs that use the logical database.
    Less coding s required to retrieve data compared to normal internel tables.
    Tables used LDB are in hierarchial structure.
    Mainly we used LDBs in HR Abap Programming.
    Where all tables are highly inter related so LDBs can optimize the performance there.
    Check this Document. All abt LDB's
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.highlightedcontent?documenturi=%2flibrary%2fabap%2fabap-code-samples%2fldb+browser.doc
    GO THROUGH LINKS -
    http://www.sap-basis-abap.com/saptab.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/9f/db9bfa35c111d1829f0000e829fbfe/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/9f/db9b5e35c111d1829f0000e829fbfe/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/c6/8a15381b80436ce10000009b38f8cf/frameset.htm
    /people/srivijaya.gutala/blog/2007/03/05/why-not-logical-databases
    Re: **LDB**
    www.sapbrain.com/FAQs/TECHNICAL/SAP_ABAP_Logical_Database_FAQ.html
    www.sap-img.com/abap/abap-interview-question.htm
    www.sap-img.com/abap/quick-note-on-design-of-secondary-database-indexes-and-logical-databases.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/9f/db9b5e35c111d1829f0000e829fbfe/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/9f/db9bb935c111d1829f0000e829fbfe/content.htm
    Gothru the blog which provides info on LDB's:
    /people/srivijaya.gutala/blog/2007/03/05/why-not-logical-databases
    Sample code
    TABLES: SPFLI,
    SFLIGHT,
    SBOOK,
    SCARR.
    START-OF-SELECTION.
    GET SPFLI.
    WRITE:/ ’SPFLI: ’, SPFLI-CARRID, SPFLI-CONNID,
    SPFLI-AIRPFROM, SPFLI-AIRPTO.
    GET SFLIGHT.
    WRITE:/ ’ SFLIGHT: ’, SFLIGHT-CARRID, SFLIGHT-CONNID, SFLIGHT-FLDATE.
    GET SBOOK.
    WRITE:/ ’ SBOOK: ’, SBOOK-CARRID, SBOOK-CONNID,
    SBOOK-FLDATE, SBOOK-BOOKID.
    GET SFLIGHT LATE.
    WRITE:/ ’ GET SFLIGHT LATE: ’, SFLIGHT-FLDATE.
    with regards,
    Hema sundara.
    pls reward  points if u find it heplful.

Maybe you are looking for

  • Web Service over SSL failing in BEA Workshop

    I have deployed a web service on weblogic 9.2 I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by

  • Purchased movie never fully downloads

    I recently purchased the movie Spider Man 2 on my computer, via iTunes 10.6.3.  The standard definition and iTunes Extra files downloaded without any problem, but the HD version of the movie never seems to completely download.  Instead, I am constant

  • (Report Painter) Display differnet language in one report.

    Hi Experts,   i want to know can (Report Painter) display differnet language in one report depends on different user login. like user with chinese lang login can display chinese in the report and user with english lang login can display english in th

  • Constant Amber Light - Airport Express

    I've been using my Airport Express successfully now for about a year to connect my Mac to a stereo wirelessly. However, today, the Airport Express stopped working. Essentially, the Airport Express just shows a solid amber light, and it is not shown o

  • Error in cancelling placement

    User has by mistake created a contingent worker , when he was supposed to create employee. now when we cancel placement we are unable to do that Error received is " HR_289747_MUST_BE_CWK" Any one has received this error before pls help