Authorization Object for HR Reports

Hi All,
I have to restrict the users based on Company Code so that the users can only access the data for which they authorized from the standard HR reports.
Please suggest the authorization object.
With Regards
Akshat

Hi Akshat,
For HR perspective its best to use P_ORGIN Authorization Object which gives you flexibility at following level:
INFTY: Infotype Number
SUBTY: Subtype Number
AUTHC: Authorization Level
WERKS: Personnel Area
PERSG: Employee Group
PERSK: Employee Subgroup
VDSK1: Organizational Key
You can consult functional consultant for its parameters and further help.
Hope this helps.
Regards,
Naveen

Similar Messages

  • Create authorization check for a report

    Hi,
    I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
    Say the report name is ZHR_TIMEABC.
    Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
    Thanks in advance,
    VG

    Hi,
    Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
    If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
    Your inputs will be helpful to understand this concept.
    Thanks,
    VG

  • Custom Authorization Object for HR

    Hi,
    As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
    I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
    Your help will be appreciated.
    Thanks,
    Mandeep Virk

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've ran the report RPUACG00 also which is mentioned in this thread.
    We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
    I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
    but still it is taking the P_ORGIN object.

  • HR Authorization : Custom Authorization Object  for P_ORGIN

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've ran the report RPUACG00 also which is mentioned in this thread.
    We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
    but still it is taking the P_ORGIN object

    Online Help
    <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

  • Adding authorization object for "Function Group"s ?

    Is it possible to add any authorization object for any function group ?
    We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
    Function Group you can check through SE37->GoTO->Display Function Group
    Now is it possible to add authorization for any "Function Group" ?

    You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
    However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
    In this case, add only the function group that the user requires in this instance into S_RFC

  • Authorization Object for Transaction Code

    Hi,
    Is there a report I can execute to give me the list of authorization object for this transaction code?
    Thanks.

    Check Transaction SU24
    Alternatively you can go to SE16-- enter the table name TSTCA, then enter the T CODE, you will get the object related to that T Code.
    Reward points..

  • How to find out Authorization Object for Plant

    Hi,
    I have to implement an Authorization check for Plant in My Report Program.
    Is there any transaction which can help me to find out Authorization Object for any field like Material and plant?
    Thanks,
    Mamta

    Using SU21 u can create Authorisation Object.
    The ABAP command AUTHORITY-CHECK is used for performing authorizaton checks in programs.
    check f1 help on AUTHORITY-CHECK for the syntax.
    check these links
    link:[http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c;jsessionid=(J2EE3417500)ID1605942050DB11298929682009193279End]

  • Authorization Object for Z Tcodes

    Dear SAP Guru's
    how to find authorization object for Z tcodes
    e.g. in our orgnisation we have created report ZSR( Sales Register)  and we want to restrict user for Plant & sales office
    so where i can get authorization object.
    kindly help
    Thanks
    Paramanand

    Hi,
    Goto T.Code "SUIM".
    Click on "Roles".
    Click on "By Transaction Assignment".
    Enter your T.Code here i.e. "ZSR".
    Click on Execute or Press F8.
    You will identify the role assigned to it.
    Copy that role.
    Goto T.Code "PFCG".
    Paste that role here.
    Click on Display.
    Goto "Authorisations" tab.
    click on "Display Authorization data".
    Goto Utilities-->Technical names on in menu bar.
    Here you can see the authorization object assigned for this T.Code.
    But in general all the Z transactions will be in S_TCODE authorization object.
    Also,goto that T.Code.
    Immediately after this enter,"/nSU53" T.Code.
    Regards,
    Krishna.

  • Authorization Object for Cost center

    Hi Experts;
    We are using SRM 7, classic scenario.
    We are copying SRM tcode: BBP_BW_SC4 to a Z report and modify it. The users will be given the access to display  the status of thier SC.
    How can I restrict the user from displaying the SC of other department's? Is there an authorization object for cost center in SRM? is there any other away to restrict the users from displaying SC related to other depts.
    Appreciate your help

    by the way, why are you not using the standard SAP powl queries? they anyways restrict you from viewing others SCs except your team
    any ways, if you are copying that report this BBP_BW_SC4, then change this
    PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter.
    to
    PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter no-display.
    Edited by: Soumyaprakash Mishra on Jan 31, 2012 3:48 PM

  • Authorization Objects for GL, AP, and PCA

    Hi,
    What is the difference in:
    1. Authorization Objects
    2. Facility Objects
    3. Profit Center Objects
    Where can I find the above objects related to:
    1. GL
    2. AP
    3. PCA (Profit Center Accounting)
    Please give me the answer, I will assign points to you.
    Thanks in advance.

    Hi,
    1) Make the characterstics like Company code, Controlling Area, Proficenter ..etc as authorization relevent (RSA1)
    2) Create the Respective Authorization objects for each of the above Characterstics (RSSM).
    3) And assign the Cubes and ODS es to the Authorization Object RSSM
    4) Create and use the Authorization variables on the above characterstics in reports
    5) maitain the access for all users through the roles by including and maintaining the AOs (created in step 2)
    With rgds,
    Anil Kumar Sharma .P

  • Authorization object for Object services

    Hello together,
    I want to know if there is an authorization object for Generic object services functionilty especially the WF options like WF overview, start WF, Archieve WF..............................
    My understanding is any user who has access to a particular Business object, can user GOS to view WF stuff..................Is my understanding correct or should we have extra functions.....................
    Regards

    Check authorization objects S_OC_ROLE and, for recent releases, S_GOS_ATT.
    Regards,
    Raymond

  • Authorization object for plant on selection-screen

    Hi All,
    I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
    I have written the code
    Declaration of local constants.
      CONSTANTS : lc_i(1)  TYPE c VALUE 'I',
                  lc_eq(2) TYPE c VALUE 'EQ'.
      REFRESH : r_werks.
      LOOP AT s_werks.
        IF s_werks-low IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-low.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-low.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
      LOOP AT s_werks.
        IF s_werks-high IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-high.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-high.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
    My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
    Regards,
    raj

    Hi Raj
    First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
    Do this
    SELECT werks FROM t001w INTO li_werks
    WHERE werks IN s_werks.
    LOOP AT li_werks.
    *check your authority thing here and fill the range
    ENDLOOP.
    Pushpraj

  • Authorization Object for Marketing Attributes

    Hi Experts,
    We are working with CRM 2007 and use in BP Marketing Attributes. Does someone know if there are any authorization objects for Marketing Attributes? We would like to restrict some of users to see some Attribute sets!
    Thank you in advance,
    Roula

    Hi Roula,
    Thank you so much for awarding points.
    Please note that in Transaction PFCG you have to assign the appropriate three digit attribute set key under the authorization group BGKRL to the authorization object C_KLAH_BKL for assigning attribute sets and to the authorization object C_KLAH_BKP for editing attribute sets.
    Please have a look at the Note in the bottom of the page at the following link for further information.
    http://help.sap.com/saphelp_crm60/helpdata/en/46/3517cc86e01421e10000000a1553f6/frameset.htm
    Regards,
    Deepak

  • Authorization object  for PLANNING PLANT

    Hi all,
    My client has different Planning plant & Production plant.
    If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
    User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
    Any idea where we could find the authoriz. objects for a particular field?
    Pls advise.

    Goods Receipt for Production Order: Movement Type            M_MSEG_BWF
    Goods Receipt for Production Order: Plant                    M_MSEG_WWF
    these are the authorisation objects with activities as  ACTVT and WERKS
    Maintaine the values for ACTVT  as
    01 Create or generate,
    02  Change
    03 Display
    04 Print, edit messages
    and maintaine the values WERKS   (ur plants 4 which u want to give authorisations)
    and BWAR ( movement types 4 which u want to give authorisations)

  • Kindly tell me authorization object for MRP type

    Hi friends,
    Kind tell me what is the authorization object for MRP type in material master.
    Your help is considered more important.
    thanks in advance
    willaims

    Hi Willaim,
    There is no standard authorization object for MRP type.
    Regards,
    Alexander

Maybe you are looking for

  • How to run the ejb project in j2ee server

    How to run the EJB project. I give like java conveterClient converterClient.jar here conveterClient is class file name and converterClient.jar is deployed file like wise i give some exception is come give some help pls friends

  • Common function

    Hello, We can use stored procedure and function in many application. This reduce the time of coding same procedure and function at application label.And there are so many advanteges of stored procedure and functions. How to add user procedure or funt

  • Oracle Linux 5.7 / acroread 9.4.7 unable to print

    I am unable to print from command line using acroread 9.4.7 unless -start n -end n is specified. The error that I recieve is stdin empty. the reports we are printing can contain any amount of pages. Thanks, Dave

  • Transporting packages

    Hi experts I'm doing BW transports to production.. I'm getting some errors, and along with those errors the information that packages Z_INFOOBJECT does not exist in prd system. I've checked SE80, and indeed that packages does not exist in prd 1) woul

  • Support for MSMQ?

    Hi Sadly, AQ bridge to MSMQ doesn't currently exist. Does anybody know when Oracle will implement this feature? We have Windows CE mobile devices and data exchange is realized through MSMQ. Windows CE client on device, selfmade .NET app running on th