Failed HR Structure Authorization: should not be possible
Hi there,
I've got a strange problem which is quite similar to [this one|https://forums.sdn.sap.com/click.jspa?searchID=10542618&messageID=4893986], but the difference is that my userid does not have an entry in OOSB (T77UA) so it should not have missing HR Structure Authorizations because the general principle in the HR Structure is: No profile - No restrictions.
However, this user is restricted, but not for all records. The restrictions seem very random.
It seems that the userid itsself causes the problem. The account has been copied from another account. If you copy this account to any other userid then the problem does not occur, but I have to use this particular one because it is the official userid (personnel number).
As I said earlier, OOSB is empty and also infotype 0105 (Communication) is set properly.
I even tried to delete and re-create the userid completely but this did not help.
It looks like there are some 'hidden entries' in table T77UA or another table setting for this userid that I am not aware of. Could anyone help me out her?
Thank you!
Kind regards,
Lodewijk
Hi Lodewijk,
You say your problem is similar to the one you're referring to in your initial post. Does that mean that you also get an error message saying:
The last authorization check was successful
Failed HR Structure Authorizations
Date xxxxxxxxxxxxxxxxxxx
Similar Messages
-
After creation PO, pr changes should not be possible.
Hi friends,
our requirement is.......if PO is created by some PR....then
after creation of PO PR changes should not be possible.
How we can restrict this?
Any message?
Rgds,
NavinYou can add message 06 608 in IMG ---> Material Management ---> Purchasing ---> Environment Data ---> Define Atributes of System Messages.
if not already there.
This message appears if one changes the quantity in a requisition for which a PO already exists.
If you set the attribute to E for Error then the requistioner should not be able to change a PR anymore if PO exists. -
ATP check should not be possible
Hi Experts,
I have a requirement to copy the functionality of Transaction V_RA to do this:
If new order is being keyed for the material plant combination while the custom program is running, an ATP check should not be possible in the new
order. This logic already exists in V_RA.
Could someone explain how I can do the same logic to my custom program? To prevent in creation of Sales Order (VA01) of the same material and plant, not to do ATP Availability Check?
Thanks in advance!Hello,
I am a little unsure of your desired functionality. The standard V_RA transaction sets a lock on the order. For example, you will not be able to access the sales order in VA02 when it is being processed in V_RA. This lock is set here:
SAPMV75B FORM BELEG_SPERREN
CALL FUNCTION 'ENQUEUE_EVVBAKE'
EXPORTING
MANDT = SY-MANDT
VBELN = US_VBELN
EXCEPTIONS
FOREIGN_LOCK = 2
SYSTEM_FAILURE = 3.
US_SUBRC = SY-SUBRC.
IF SY-SUBRC = 3.
MESSAGE ID 'VV' TYPE 'A' NUMBER '501'.
But if you are just copying transaction V_RA, then this should be just copied over to your custom program. So I am not fully sure exactly what you are trying to do.
There are also standard locks in transactions OVZ1 and OVZ2 that may be relevant to the issue.
If none of the above helps, then please come back to me with further elaboration. -
Structural Authorization views not displaying in EP
We are using PD profiles to allow managers in an alternative org unit to approve time in MSS for employees not in their org unit. When you log onto the Enterprise Portal in the MSS Team Overview iview the manager cannot see the employees from the other org unit defined in the structural authorization. He can only see his own employees for his org unit. However, in transaction OOSB when you click the Display Objects button you see the positions and persons that should be visible
to the manager. We have assigned the profile through both PO13 to the position and OOSB directly to the user. We make sure to run RHPROFL0 after assignments
of the profiles. HR has created a custom relationship Z99 and assigned to the positions for the alternate org unit.
We had a scenario working in our sandbox at one time but we could not reproduce this in the development system. Any tips would be greatly appreciated.Hi John,
I know SAP_ALL doesn't matter but I wanted to rule out all possibilities of any standard authorization issue to isolate the PD profiles as the real issue.
To answer your question, the user can see his own org unit and subordinate employees in MSS. The manager is a chief and manages his org unit.
A colleague of mine mentioned that there may need to be some configuration established for the iViews in question so I put it to the HR functional team to confirm the correct customization is set up in the IMG for Integration with Other mySAP.com Components > Business Packages/Functional Packages > Manager Self-Service (mySAP ERP) > Object and Data Provider. I'll report on the status of this as well when I hear back from them. Thanks again. -
Material Transfer From one Material Type to another should not be possible
Dear Gurus ,
I have a issue here i want to lock the transfer posting from one Material Type to Another Material Type . The point is the Transefr Posting Shuold happen from same Material Type . So can anybody help me out that what should I do for the sameHi ,
I tried for the same but its not working . I just kept a Break point in this exit . Tried to transfer from MB1B its not stopping at the Break Point Can U suggest as I am doing it from MB1B .
Regards
Shankar -
Hi guys,
I don't have structure authorization implemented or HR system implemented. I was playing with my sandbox system to learn structure authorization by using step by step tutorial. After I created a structure authorization for two users I deleted everything related to structure authorization but unfortunately, some t-codes related to org chart for example PPOME, PPOMW are not working properly, its not allowing to create new org char.
We have another team needs to create some org chart for prototyping but they can't create org chart its giving no authorization error when I ran SU53 it's not giving regular auth error its also give failed HR structure authorization error, this is the error in su53 coming (Date 10/01/2010 and time Plan version 01 Object ID 5000075 Action LISD) there are so many different object ID on the list.
They all already have SAP_ALL in the system. Can anybody give some kind of report so I remove structure authorization completely from the system.
Please help
ThanksStructural Authorization Check
Structural authorizations are used to grant access to view information for personnel where HR OM has been implemented as we stated. The Access is granted to a user implicitly by the useru2019s position on the organizational plan.
On top of the general authorization check, which is based on authorization objects, you can define additional authorizations by hierarchical structures.
In each area, the combination of start object and [Evaluation Path|http://help.sap.com/saphelp_erp60_sp/helpdata/en/35/26c256afab52b9e10000009b38f974/content.htm] from an existing structure returns a specific number of objects. This exact combination, in other words the number of objects returned by this combination, represents a useru2019s [Structural profile|http://help.sap.com/saphelp_erp60_sp/helpdata/en/0c/49ba3b3bf00152e10000000a114084/content.htm]. So structural authorization check is therefore based on a Dynamic concept: The concrete objects that are returned by a structural profile change as the structure (under the start object) changes.
Steps to Perform to Set Up Structural Authorization Check in brief:
(Before start moving for str. auth profile it is assumed that the Switch AUTSW for HR General Authorization check is also activated in table T77S0. Structural Authorization won't give the access for accessing HR data as described in the last posts and works together with General Authorization - to remind you)
1. Integration: Control parameters for the integration of Personnel Planning and Development (PD) with other applications (such as Personnel Administration (PA) and Cost Accounting (CO), etc.) are specified in the "PLOGI" group.
2. Turn on PD PA switch: TCode used is OOPS. Ensure value registered for PLOGI u2013 ORGA is X. No other values need to be checked or changed.
(Note: PD and PA sub modules of HR are not configured to share data by default in the SAP delivered system. This switch must be on for data to flow between both modules.)
3. Turn on Structural Authorizations Main Switches : TCode is OOAC. Value for ORGPD is set to 1.
4. Create Org. Plan (check the first post).
(Note: Do not create your Organizational Plan without this switch on. If you do, structural authorizations will not work and some org and infotype setup will not work. You cannot turn the switch on and get structural authorizations on an organizational plan, that was created while it was off, to work..)
5. Create Personnel Master Record: Tcode is PA40. This is time consuming staff.
6. Create record for Infotype 0105 - TCode is PA30.
7. Create Structural Authorization Profiles u2013 TCode = OOSP
8. Create entry for IT 1017 - TCode is PO10 (Organizational Unit) or PO13 (Position).
9. Assignment of Structural Authorizations: The assignment of the Structural Authorization can be found with good details here in [SAP Help|http://help.sap.com/saphelp_erp60_sp/helpdata/en/97/27973b3ea3eb0fe10000000a114084/frameset.htm].
Please check and let us know for any query.
Regards,
Dipanjan -
E-Recruiting and structural authorizations
Hello,
Were on e-recruiting 6.0. I have the impression that structural authorization is not always checked in this module.
Can anyone share experiences?
Thanks
KoenLet me take you through a brief description of the Authorisation.I am no expert just trying to figure out if I can help you or not.
At the lowest level are fields one or more of which gets mapped with Authorization object and one or more of which gets mapped with the authorization object class.Finally the required authorisation is being created and assigned to the profiles .
In e recruitment the objects are :
Candidates,Candidacy,Applicants etc,Its are 5125,5126,5104 etc till 5136.The infotyps delas with candidates ,applicants and postings etc.So the access and the entry of data in these infotypes should be controlled by some means or the other.
Hence structural authrorisation should always be there and hence checks will be there.
Message was edited by: Aniket Chatterjee -
Credit block should not prevent service order creation
An upgrade from 4.7 to ECC6, without any changes made to the configuration or program change, has lead to the following issue. ECC6 is not creating a service order connected to a sales order, when the customer has exceeded the credit limit. The sales order of custom order type is getting saved with a warning message that credit limit has exceeded. However, earlier in 4.7, the message would not stop creating subsequent service order. What could be different, that prevent ECC6 environment to hold on to service order creation? A subsequent release of the credit block through VKM1 however triggers the service order being created.
Are you using credit card processing in SAP to get the authorization?
If you are then the authorization should not block the order.
Or are you using credit card as a form of payment (without authorization) in which case this needs to be put on the customers account as a payment and then the order entered.
Where are you holding the credit card details? -
Credit block should not require for Credit card paid sales order
Dear friends,
my client want that sales oder with credit card payment should not block sales order for credit management reasons. Hoe can it be configured.
Regards
rdcAre you using credit card processing in SAP to get the authorization?
If you are then the authorization should not block the order.
Or are you using credit card as a form of payment (without authorization) in which case this needs to be put on the customers account as a payment and then the order entered.
Where are you holding the credit card details? -
hi
I am new to Authorizations ...
can somebody tell me the basics of Structural Authorizations from HR Module point of view ...
i would like to know the steps involved in setting up the structural authorizations from a organization's perspective ....
thanks
hr_userHi,
Structural authorizations are used to grant access to view information for personnel where HR has been implemented. Access is granted to a user implicitly by the useru2019s position on the organizational plan. Structural authorizations are not integrated into the standard authorization concept and structural authorization profiles are not the same as standard authorization profiles.
The use of structural authorizations can be illustrated by the following example. A manager can typically view or maintain information on employees in her organizational unit but not employees in other organizational units. When an employee moves from one unit to another his previous manager will no longer be able to view or maintain information about them. Similarly if a manager moves from one unit to another she will be able to see the employees in her new unit
Regards,
Prasad -
Transaction should not save if Credit card authorization fails-CRM
Hi all,
In CRM 4.0, we have a requirement where for the payment card authorization if fails the transaction should not get saved.
Is it possible, if yes how?
Would appreciate a response.
thanks in advance,
mdv.Hi mdv,
First of all you need to define Checking group and then assign the checking group to transaction. This is done in transaction SPRO, CRM->Basic functions->Payment cards.
Once you define and assign the system would automatically give a warning message if the checking fails. But it will still allow the user to save the transaction with warning.
For stopping transaction from being saved if the card authorization fails, then you need to implement BADI for transaction and call the FM COM_PAYCARD_AUTH and if the result of this FM call is failed card authorization, then raise DO_NOT_SAVE exception in the BAdI.
Reward points if I answered the query,
Jash -
Should not happen unless default context failed to deploy
Can somebody please throw some light on this error?
<Mar 5, 2001 10:07:26 AM EST> <Error> <HTTP> <HttpServer5173817,null
default ctx,POSDev01) found no context for "GET /classes/ringout_statelessSession3@/RingoutSessionBeanHomeImpl_WLStub.class
HTTP/1.0". This should not happen unless the default context failed
to deploy.>
Myself and lot of other people in my team are getting this error
when using beans in a cluster.
I am getting this error consistently whenever I make some code
changes in my bean class (not interface changes) and redeploy it
and try to lookup through a stand-alone client.
The only way I could find to overcome this problem is:
1) edit config.xml to remove the Application element completely
corresponding to the bean
2) remove jar files from the applications directory
3) re-deploy and run the client again.
Thanks a lot
Kiran Ganuthula
Partly it could be WLS problem also. Under any circumstances default webapp should be able
to deploy. I have seen somebody else also reported the same problem. The current problem is
if you delete anything from apps dir, the corresponding entry is not being deleted from config.xml
So next time when you boot the server, it tries to deploy the webapp and eventually it fails.
I 'm not sure if this is the situation in your case.
In anycase somehow Targets tag is not being picking up. That's why i asked you add
"WebServers" tag. I think we have done some major changes in SP1, to make sure that
default webapp deploys all the times.
If you still have problems, post it to servlet or management group, we will discuss there.
Kumar
Kiran G wrote:
> I edited the config.xml ONLY after getting this error. And, it worked.
>
> BTW, can you please be more specific about the changes to config.xml
> to solve the problem?
> If possible, can you give pertinent portion(s) of config.xml, highlighting
> the changes.
>
> Thanks
> Kiran G
>
> Kumar Allamraju <[email protected]> wrote:
> >
> >
> >It appears your "default webapp" failed to deploy.
> >Did you messed up with the config.xml?.
> >
> >Add the following to your default webapp tag?
> >
> ><Application
> > Deployed="true"
> > Name="DefaultWebApp_vindev1"
> > Path="./config/vindev1/applications"
> > >
> > <WebAppComponent
> > Name="DefaultWebApp_vindev1"
> > Targets="vindev1"
> > WebServers="vindev1"
> > URI="DefaultWebApp_vindev1"
> > />
> > </Application>
> >
> >
> >Here vindev1 is my domain's name..
> >
> >BTW, this is not a clustering question. So you better
> >post it to servlet newsgroup where you get much
> >better answers..
> >
> >Kiran G wrote:
> >
> >> I forgot to give these details about the problem.
> >> I am running this cluster using WebLogic 6.0 on a SUN
> >sparc machine.
> >>
> >> The error text given in my original posting appears
> >in the managed
> >> weblogic server's log. The exception that the client
> >receives while
> >> lookup is :
> >>
> >> javax.naming.CommunicationException. Root exception
> >is java.rmi.UnmarshalException:
> >> failed to unmarshal class java.lang.Object; nested exception
> >is:
> >> java.lang.ClassNotFoundException: RingoutSessionBeanHomeImpl_WLStub
> >> java.lang.ClassNotFoundException: RingoutSessionBeanHomeImpl_WLStub
> >>
> >> "Kiran G" <[email protected]> wrote:
> >> >
> >> >Can somebody please throw some light on this error?
> >> >
> >> ><Mar 5, 2001 10:07:26 AM EST> <Error> <HTTP> <HttpServer5173817,null
> >> >default ctx,POSDev01) found no context for "GET /classes/ringout_statelessSession3@/RingoutSessionBeanHomeImpl_WLStub.class
> >> >HTTP/1.0". This should not happen unless the default
> >context
> >> >failed
> >> >to deploy.>
> >> >
> >> >Myself and lot of other people in my team are getting
> >> >this error
> >> >when using beans in a cluster.
> >> >
> >> >I am getting this error consistently whenever I make
> >some
> >> >code
> >> >changes in my bean class (not interface changes) and
> >redeploy
> >> >it
> >> >and try to lookup through a stand-alone client.
> >> >
> >> >The only way I could find to overcome this problem
> >is:
> >> >1) edit config.xml to remove the Application element
> >completely
> >> >corresponding to the bean
> >> >2) remove jar files from the applications directory
> >> >3) re-deploy and run the client again.
> >> >
> >> >Thanks a lot
> >> >Kiran Ganuthula
> >> >
> >> >
> >> >
> >> >
> >> >
> >
> >
> ><!doctype html public "-//w3c//dtd html 4.0 transitional//en">
> ><html>
> >It appears your "default webapp" failed to deploy.
> ><br>Did you messed up with the config.xml?.
> ><p>Add the following to your default webapp tag?
> ><p><Application
> ><br> Deployed="true"
> ><br> Name="DefaultWebApp_vindev1"
> ><br> Path="./config/vindev1/applications"
> ><br> >
> ><br> <WebAppComponent
> ><br> Name="DefaultWebApp_vindev1"
> ><br> Targets="vindev1"
> ><br> <b><font color="#CC0000">
> >WebServers="vindev1"</font></b>
> ><br> URI="DefaultWebApp_vindev1"
> ><br> />
> ><br> </Application>
> ><br>
> ><p>Here vindev1 is my domain's name..
> ><br><br>
> >BTW, this is not a clustering question. So you better
> >post it to servlet
> >newsgroup where you get much
> ><br>better answers..
> ><p>Kiran G wrote:
> ><blockquote TYPE=CITE>I forgot to give these details about
> >the problem.
> ><br>I am running this cluster using WebLogic 6.0 on a
> >SUN sparc machine.
> ><p>The error text given in my original posting appears
> >in the managed
> ><br>weblogic server's log. The exception that the client
> >receives while
> ><br>lookup is :
> ><p>javax.naming.CommunicationException. Root exception
> >is java.rmi.UnmarshalException:
> ><br>failed to unmarshal class java.lang.Object; nested
> >exception is:
> ><br> java.lang.ClassNotFoundException:
> >RingoutSessionBeanHomeImpl_WLStub
> ><br>java.lang.ClassNotFoundException: RingoutSessionBeanHomeImpl_WLStub
> ><p>"Kiran G" <[email protected]> wrote:
> ><br>>
> ><br>>Can somebody please throw some light on this error?
> ><br>>
> ><br>><Mar 5, 2001 10:07:26 AM EST> <Error> <HTTP>
> ><HttpServer5173817,null
> ><br>>default ctx,POSDev01) found no context for "GET /classes/ringout_statelessSession3@/RingoutSessionBeanHomeImpl_WLStub.class
> ><br>>HTTP/1.0". This should not happen unless the default
> >context
> ><br>>failed
> ><br>>to deploy.>
> ><br>>
> ><br>>Myself and lot of other people in my team are getting
> ><br>>this error
> ><br>>when using beans in a cluster.
> ><br>>
> ><br>>I am getting this error consistently whenever I make
> >some
> ><br>>code
> ><br>>changes in my bean class (not interface changes)
> >and redeploy
> ><br>>it
> ><br>>and try to lookup through a stand-alone client.
> ><br>>
> ><br>>The only way I could find to overcome this problem
> >is:
> ><br>>1) edit config.xml to remove the Application element
> >completely
> ><br>>corresponding to the bean
> ><br>>2) remove jar files from the applications directory
> ><br>>3) re-deploy and run the client again.
> ><br>>
> ><br>>Thanks a lot
> ><br>>Kiran Ganuthula
> ><br>>
> ><br>>
> ><br>>
> ><br>>
> ><br>></blockquote>
> ></html>
> >
> >
[att1.html]
-
I don't know what's wrong with my Mac Mozilla Firefox, version 3.6.8, but today, it started alerting me about an error message on the "Error Console". In every website I visit, it tells me: "The 'charCode' property of a keyup event should not be used. The value is meaningless." Is this possibly caused by a virus?
I saw a pop-up which did not allow me to click it when I scatter the windows on my Mac. I was using Private Browsing, with pop-ups disabled, but one pop-up managed to get passed my settings, and open in another window. It would not allow me to select it, so all I did was to close Firefox, and start a new session. So far, everything has been normal, I also deleted the cookies it installed.
But, I still keep seeing that "Error Console" notice under my "Tools" on the Menu Bar, and when I clicked on it, it listed errors (such as what I listed above).
Would someone explain this to me?
Thanks for your help!The messages you see in the Error Console are mostly to assist the web site's author in resolving compatibility problems. Some of them can assist you in determining why a web site doesn't work as intended. The one you mentioned doesn't sound that suspicious, except that it occurs on many sites. Perhaps one of your add-ons is trying to monitor what you type?
To diagnose whether this is caused by an add-on or one of your settings, you could try the following:
First, make a backup of your computer for safekeeping. To back up Firefox, see [https://support.mozilla.com/en-US/kb/Backing+up+your+information Backing up your information].
Next, try starting Firefox in Firefox
[http://support.mozilla.com/kb/Safe+Mode Safe Mode]. Be careful not to "reset" anything permanently if you didn't back up.
Does that resolve the errors? If so, then an add-on usually is the culprit. If not, try creating a new (blank) profile: [http://support.mozilla.com/kb/Managing+profiles Managing profiles].
If the new profile works correctly, you can choose between further research on your old profile or moving key settings like bookmarks from your old profile to the new one. [https://support.mozilla.com/en-US/kb/Recovering+important+data+from+an+old+profile Recovering important data from an old profile].
Hope this helps. -
My quicktime is very jerky with 1080p video but when I play the video file in FCPX its smooth. I recently upgraded to OS mavericks on 2011 iMac with 16gb of ram and should not be having this problem. Is it possible to reinstall older software? I cant figure whats causing the jerky video so I'm assuming its the new OS. Any one have any suggestions?
I have the same but not the same problem. When I play a sound or a video on a website (other than youtube)on safari, a weird nois is comeing from the speakers, the sound has pops/clicks but if I play the same video/sound on mozilla it works fine.. If wnyone know what's the problem.. please let us know
-
Is there a possibility should not consider available quantity at time of MR
Sir,
Is there a possibility should not consider available quantity at time of MRP planning?
Example:
Available stock: 100
Planning stock: 100 (MD61)
Schedule line to be generate: 100 Qty (Exclude the available quantity at time of MRP planning)
regards,
sampathDear Sampath/Raj,
1) Move the stock to particular storage location for which you don't want to be consider by MRP
2) Now go to OMIR t-code, input value as 1 for that particular storage location
3) Go to MMSC, input value as 1 for that particular storage location
4) Go to MRP - 4 view Down you can find field Storage location input value as 1
5) Now run MRP, system will not consider stock of that particular storage location
Regards
Madhu
Maybe you are looking for
-
To copy the files I had to remove the hard drive and direct copy them to an expansion drive on another machine. ITunes recognized the copied files and operates correctly on the computer. I was able to download additional songs to ITunes on the comp
-
Apple AL wireless keyboard error when pairing
All was well with this keyboard until just recently. I've tried to pair this keyboard with 4 different Macs of mine (all 10.5.4/5) and get the same error over and over: The pairing attempt was unsuccessful. Make sure your keyboard is in range of this
-
CIF Problem -- Purchase Orders - Missing in R/3 with External Key
Hi, I have search for OSS Notes on this issue and no luck. When I look in the Error Code (183) in /SAPAPO/CCR. The message specifies "Schedule line does not exist in R/3 Message no. /SAPAPO/CIF183" Your input is appreciated.
-
so I just got the Lumia 1020 and I wanted to change the ringtone that it came with. I tried connecting it to my PC and following instructs on how to do it. So when I went to open up my ringtone + settings I did not see the new tones that I had just s
-
Problem installing Adobe Designer
Hi, When i install NWDS 7.0 version , it is not showing the option for installing Adobe Desingner . In older versions of NWDS we had to click one check box at the time of installation for activating and installing adobe designer . Because of this i a