ESS ECC5.0 Authorization

Similar Messages

• ESS / MSS Authorizations

  Hi gurus,
  For the ESS point of view the composite role used is SAP_EMPLOYEE_ERP.
  Like vise can some one please tell me what will be the composite role for the Manager Self Services.
  Thanks in Advance
  Sera

  Sera,
  Please refer note 844639 and /thread/457780 [original link is broken]. Hope this helps.
  award points if helpful.

• ESS & MSS related authorizations details..

  Can someone help on whether ESS/MSS authorisation has something specific to be done other tan the pfcg in R/3. Could you give me more details on how is ESS/MSS authorizations are handled.. Is there any stand guide available which guides on setting this up.
  Thanks,
  Chetan Hinduja

  Hi Chetan,
  Among the deployed content of ESS and MSS in the Portal, you'll probably find roles in it that should be assigned to the users which are going to access those services.
  Assigning these roles to the Portal users and the R/3 roles in PFCG should be enough.
  Kind Regards,
  Simone

• ERROR in ESS syn err CL_HRPA_PERNR_INFTY_XSS error key rfc system failure

  Hiya
  When a an employee goes to the personal information screen on ESS following error comes up
  syntax error in program CL_HRPA_PERNR_INFTY_XSS=======CP      ., error key RFC_SYSTEM_FAILURE
  Regards
  RJ

  Is all other ess services are working fine? JCo from portal been configured rightly? Users assigned to PERNR in IT 0105?
  If above all are done, Check the following:
  1. Check that all the Personal Information services specific infotypes are with required subtypes.
  2. Check V_T7XSSPERSUBTYP to activate subtypes for infotypes with use cases.
  3. Incase, if you created custom roles in backend for ESS, check authorization for these infotypes.
  4. If all above are fine, goto ST22 to get the dump and specific line where it appears to analyse further.

• ECC5.0 not authorized for CRM connection

  Hi all,
  We are connecting ECC5 to CRM server. In ECC5, authorization test for CRM server fails in transaction SM59.
  But the connection test works fine in the same transaction.
  But from ECC6 IDES, connection to CRM is successful for the same way of connection. Authorization test in ECC6 is successful for the same CRM server in transaction SM59.
  Can somebody kindly give me some idea on how to fix this issue?
  Good points will be rewarded.
  Thanks & Regards,
  Max

  Hello Max,
  What is the error message you are getting.
  regards,
  Muralidhar Prasad chatna

• ESS + Backend access Issue

  Hi Experts,
  Recently I have come across a design issue for the HR roles in our system.
  Our HCM system has ESS/MSS as well as other backend roles such as payroll, time admin etc.
  The ESS/MSS role is categorized based on country, as such the P_ORGIN object will have full country value for PERSA etc.
  The backend role such as PAYROLL ADMIN will have restrictions based on PERSA.
  When we combine both, the ESS/MSS access overrides PERSA restrictions in PAYROLL Admin role & gives additional access to full country.
  Is there a way to mitigate this & restrict the access without changing the ESS/MSS authorizations?
  Please share your thoughts.
  Nivin

  Nivin,
  Its not exactly a pinpoint solution to your issue but move from P_ORGIN to P_ORGINCON. P_ORGIN is old and IMHO obsolete. P_ORGINCON offers much needed flexibility to meet most of the business scenarios.
  Regards,
  Shivraj Singh

• Modifying ESS/MSS iViews

  Hi,
  Can someone please guide me to how I can modify standard ESS/MSS iViews, for example, to remove unwanted UI elements etc. The portal version is EP6. Also, I understand that with EP7 most iViews are Web Dynpro Java/ABAP, can these be modified also? Is there any docs or how to guides which will show me how to do this? Are there any Weblogs out there that anyone knows of? I've been searching and searching but have had no such luck thus far. All help will be very appreciated.
  Thanks
  Tony.

  The "cookbook" for ESS is available via service.sap.com (the specific OSS note is attached too can be found with a search on here....sorry, don't know it right off). The cookbook does apply for EP6 and ESS ECC5.0. Basicaly, it steps you through setting up NWDI(JDI), creating your "project", pulling the needed Webdynpro into your NW Dev Studio, modifying it and re-deploying to NWDI and onto the portal.
  An even better way....there is an online class available from SAP (it is part of the ERP2004 training) that covers ESS/MSS in-depth as well as modifying the files. The entire course (of which ESS/MSS is a small part) is $500 USD last time I checked....well worth it.
  The new ESS/MSS/self-service WebDynpros are based on the Floor Plan Manager framework which can be tricky to understand....the class above helps cover that too...has material I have found no where else but in the class.
  Hope this helps.

• Roles - Authorization Issue

  Hi ,
  I have some set of roles. I assigned those set of roles to an user for his QA and production access. In QA he is able to do but with the same set of roles in production he is not able to do. In QA system he is able to perform rehiring action through PA40 but in production he is not able to do so.
  Please through some light why system is behaving like this and more over our QA system is a recent refresh of production system.
  With the same set of roles and some additional roles another user is able to do this but this is user is not able to do?
  Thanks and Regards,
  Visali.Malepati

  Hi Puneet and Chaitanya,
  Reagrding SU53.
  It is showing
  Authorization level = W
  Infotype = 0000
  Personnel Area = *
  Employee Group = *
  Employee Subgroup = *
  Subtype = *
  Organization Key = *
  User is having more than this required in two roles.
  1 <b>Z_CC-ESS</b>
  Authorization level = *
  Infotype = 0000
  Personnel Area = JTC* ( We have only with JTC*)
  Employee Group = *
  Employee Subgroup = *
  Subtype = *
  Organization Key = ESS ( We have two organization keys one is ESS and other one Prof)
  in and in another role ( <b>Z_CC-Prof</b> )
  Authorization level = *
  Infotype = 0000
  Personnel Area = JTC*
  Employee Group = *
  Employee Subgroup = *
  Subtype = *
  Organization Key = Prof
  Both these roles are assisgend to the user and both roles user compare is done in production.
  I read in one thread about  Buffer over flow. Do any one have any idea about Buffer over flow. Please throw some light on Buffer overflow.
  In SU53 Tcode there is one option under menu tab authorisation values that is Reset user buffer. what is this for?
  Thanks and Regards,
  Visali Malpeati.

• No Adobe Form Is Assigned to the Scenario -ERROR

  Hi All,
  I configured the ADS server and was able to display the test Adobe Forms and test the forms successfully in ECC and Portal side.
  (We are using ERP 2005 and EP 7.0 of NW2004s)
  However when I tried to test the PCR forms in MSS, I get the following error.
  Also I WAS ABLE TO DISPLAY the  forms when I had SAP_ALL autorizations at the backend ECC system. But when I remove the SAP_All and provide with all the ESS/MSS authorization with all the needed RFC authorizations, I'm  unable to display the forms. Can anyone please help me resolve this issue.
  <b>com.sap.pcuigp.xssfpm.java.FPMRuntimeException: No Adobe Form Is Assigned to the Scenario</b>
       at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:111)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.raiseExceptions(FcISRProcessEvent.java:1819)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrGetFormUrl(FcISRProcessEvent.java:935)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.setTemplateSource(FcISRProcessEvent.java:373)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrProcessEvent(FcISRProcessEvent.java:699)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callIsrProcessEvent(FcISRProcessEvent.java:294)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEvent.callIsrProcessEvent(InternalFcISRProcessEvent.java:1178)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEventInterface.callIsrProcessEvent(FcISRProcessEventInterface.java:127)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:386)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface$External.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:546)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowForm.onBeforeOutput(VcISRShowForm.java:215)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowForm.onBeforeOutput(InternalVcISRShowForm.java:412)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowFormInterface.onBeforeOutput(VcISRShowFormInterface.java:137)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface.onBeforeOutput(InternalVcISRShowFormInterface.java:136)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface$External.onBeforeOutput(InternalVcISRShowFormInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:654)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:619)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:474)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.access$600(FPMComponent.java:87)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.raiseEvent(FPMComponent.java:1038)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.raiseEvent(FPMComponent.java:1250)
       at com.sap.xss.hr.pcr.selectform.VcPcrSelectForm.toShowForm(VcPcrSelectForm.java:227)
       at com.sap.xss.hr.pcr.selectform.wdp.InternalVcPcrSelectForm.toShowForm(InternalVcPcrSelectForm.java:190)
       at com.sap.xss.hr.pcr.selectform.SelectForm.onActionToShowForm(SelectForm.java:143)
       at com.sap.xss.hr.pcr.selectform.wdp.InternalSelectForm.wdInvokeEventHandler(InternalSelectForm.java:172)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
       at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
       at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
       at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:731)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:667)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:879)
       at com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java:77)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1291)
       at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325)
       at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:831)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
       at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
       at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
       at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Thanks,
  Regards
  Madhu

  Hi Madhu,
  Please check if ICM is configured properly through the transaction SMICM.
  please refer the thread -  Re: ISR service error :No Adobe Form Is Assigned to the Scenario...
  Do update, onceyou have solved the solution.
  Thanks and Regards,
  Anto.

• Business  scenario regarding HR

  Dear friends
  Coul any1 of u get a clear business scenario regarding HR...
  with a clear process flow for it guys..
  cheers
  sakthi

  Hello,
  SAP HR helps in improving SAP-supported HR-processes in terms of usability and quality.
  HR  Moudle covers areas :
  Payroll,
  Personnel Time Management,
  Organizational Management,
  Reporting,
  ESS, MSS,
  Authorizations,
  Infotypes, Related transactions and tables.
  HR 550, Guide will give you an overview of HR.
  I have H350 Guide. which covers Programming in HR. It's close to 1.5MB.
  Very informative one
  Do let me know if you want it.
  Regards,
  Remi

• WebDP Payslips

  Hi,
  Implementing ESS ECC5.  When I view a payslip in embedded pdf the lines are wrapping.
  The iframe that contains the generated pdf is pointing at
  ../../sap.com/essrem/PaySlip2...   Is there a way to configure the essrem webdynpro to display landscape so the text will fit?  Or to use smaller font/spacing?  Or alter the template that the webDP uses.
  TIA for any advice
  J

  Hi,
  How did you solve this problem, I am having the same issue in ECC6.
  Kind Regards,
  Dirk

• Problem in Authorization of ESS in EP

  Dear All,
  While running ESS through EP some users are getting error :<b>You are not authorised to Start service sap.com\pcui_gp~xssutils/XSS/Menu/Area </b>
  I have already attached the Roles to the user which the otehr user is having and running fine on the other user
  Roles are :
  In R/3 I have define :
  SAP_ESSUSER_ERP and SAP_ESSUSER
  The above two roles are defined to all the EP user for accessing there R/3 data of ESS role
  In EP I have define :
  com.sap.pct.ess.employee_self_service : pcd:portal_content/com.sap.pct/every_user/com.sap.pct.ess.employee/com.sap.pct.ess.roles
  The above role to all ESS users for EP view
  In pa30 the 105 Communication Channel is defined for communicating for EP with same login
  Please help me out in Solving this issue in EP
  Thanks & regards
  Punit Maini
  [email protected]

  Punit,
  the authorization check is done by the backend (ABAP). your user needs the authorization object S_SERVICE. Either, this object isn't included in both mentioned roles or you haven't created the authorization profile for the roles yet.
  you can check in transaction SU56, if your user has assigned the object already.
  kr, achim

• ESS: Who's Who Authorization Checks

  Hi,
  I am testing the ESS iView (tcode PZ01) in the Portal and it seems to be restricting the search results by my authorizations.  I am not getting a full list of people in the system.  Anyone know how to turn-off this authorization check?
  I noticed this only happens when I changed the ESS Who's Who customizing in the IMG for PZ01.  If I uncheck the checkbox 'Output fields list', then it checks authorzations.  I'm thinking this has something to do with using the BAPI vs. using the query infoset, as the documentation states.
  Message was edited by:
          Kenneth Moore

  Old post but I have had a similar issue and it was caused by P_ORGIN
  Infortype 0105 subtype?????
  Seem if the subtype is restricted then they are not displayed if subtype populated in the HR record.

• Training Structural Authorization vs MSS/ESS

  Good day all.
  We're maintaining structural authorization for Training module. The requirement is to be able local company maintain theirown training and regional training can maintain the regional training.
  In OOSP we're maintaining object type L only. For the same object id we're using two evaluation path SCMCATAL and L-D-E-§.
  Unfortunately when we assign certain SAP id (manager) to this structural authorization, this manager can't see his/her subordinate. It saying that "No authorization for reading data". When I remove this user from structural authorization this manager is able to see his/her subordinate.
  Is there any others requirements from HR or additional (BASIS) authorization to rectify this issue?

  Hi
  We are maintaining structural authorization in E-learning. Thre is two departement 1 and 2 . Now for few courses are for dep-1 and few are only for dep-2 .
  This structural authorization is already maintained in ESS now we migrated all the data in e-leraning now my problem is how i can use this structural authorization for E-learning as objects are same just Transaction codes and one Appraisal object is differnt.
  Thanks
  Waiting for reply.
  Nutan

• Skip Authorization Check in ECC5.0

  I have noticed a major diffrence in authorization check for tcodes in ECC5.0 . In earlier versions in debug mode I found that if there is a command like :
  CALL TRANSACTION 'PA30' and SKIP FIRST SCREEN
  If i press F5 it directly shows me the error message "Not authorised to PA30" in case there is no auth to execute it, and the debugging stops.
  But in Earlier versions it used to goto a function module to check the auth. I just want to customize the function module to skip the auth check for a certain set of users.
  Any clue for this?

  Hi Alex,
  I am not very sure about Personnel Cost Planning,
  But an approach I have used in the past when exploring a module about which there is limited documentation or SAP standard model roles is to
  1) Switch on Trace using ST01.
  2) Carry out a series of transcations using a user id which has a lot of authorizations or SAP_ALL.
  3) Anlayse the trace document and identify all the authorization object.
  4) BUild a new role with the auth objects and assign to test user id.
  5) test and confirm that the authorizations are not too many or too less.
  A time consuming but thorough approach.
  hope this helps.