HR-ABAP Infotype Authorization issue!

Hello Experts,
Need your quick suggestions and inputs, which we're currently facing in our project.
We're using the PNPCE Logical Database for processing/retrieving the records from infotypes and ALV reports are generated.
Currently, we have an authorization control which will restrict the user roles in accessing certain infotypes. Thus, the user role is assigned with necessary infotype access in PFCG.
Now the issue is if a particular user role donot have the authorization to infotye XXXX, which is defined in the Global Declaration (Top Include) in the INFOTYPES statement. Eg: INFOTYPES: XXXX.
Thus, when the report is executed, the following XXXX infotype authorization is checked as it is defined in INFOTYPES statement, but since the user role is not given the XXXX infotype authorization in PFCG the report execution fails when it checks the infotype authorization when it enters GET PERAS. Thus, a blank screen is thrown with standard SAP error... "No authorization for XXXX infotype".
Is there any way this error message which blocks the execution of the report be by-passed? If yes, please help to suggest the necessary steps to do so. Thus, the report execution should not be blocked and the ALV report should be displayed with blank values for those XXXX infotypes which donot have authorization even though defined in INFOTYPES statement in Top Include.
Hope am much clear in describing the major issue that we're currently facing.
Any inputs to get this issue resolved will be highly appreciated.
Thanks in anticipation.
Regards,
Sundar

Have you explored the option of using the BAdI HRPAD00AUTH_CHECK?
~Suresh

Similar Messages

  • ABAP Proxy authorization issue when sending message.

    Hi
    We have an interface which uses ABAP proxies. This is used to send a message with attachment, but when i send the message I am getting a 401 error message which says unauthorized.
    I checked all the configs on the sending side and i cant fine anythin wrong. I tried SLDCHECK and all looks fine there as well. I have done the configuration in the Integration engine on the sending side as mentioned in the BLOG - Activating ABAP Proxies.
    We have 3 XI systems Dev, QA and Prod sharing the same SLD. The configs that we have on the sending system (App Sys.) is given below.
    SM59
    HTTP connection : SAPISU_XID
    Host : XI Dev hostname Service Number 8080 (80 <sys number>)
    Path Prefix : /sap/xi/engine?type=entry
    USER  : XIAPPLUSER
    The TCP/IP connections LCRSAPRFC and SAPSLDAPI are also setup on the system which connects to our SLD.
    The TCP/IP connections works fine and i am able to test it succesfully, but the HTTP connection fails with an authorization error (401) when i test it. Now the wierd thing is if I use XIAFUSER instead of appuser it works fine, but if i make a copy of XIAFUSER and try that... It fails again.. I know it sounds strange. So i was wondering if there is any setting on XI which restricts HTTP connections to a particular user??
    I would really aprpeaciate if you could please give me your thought on this issue...
    Cheers
    Prav

    Hi Manish
    Thanks for the input again.
    I checked SICF on the XI system and its not set to any user.
    The HTTP connection on out prod environment is working fine without any issues and its uses a user which is a copy of XIAPPLUSER. SICF in prod also does not have any user configured for service SAP\XI\Engine.
    Thanks for the link, had a look at it, but It looks like these users mentioned are only available with XI7. Our server was upgraded from 3 to 7 and I am not able to find these users on the system.
    I tried testing the HTTP connection in prod using a diffrent user and found its the same story there. If i use any use other than the cutom one.. it fails.. could there be any setting in the exchage profile that can affect this??
    Thanks for your time and help.
    Prav

  • ABAP dump on authorization issue

    hello,
    I am not sure if this is the correct forum for this or not.
    I have an ABAP program that was written before I got here that performs the following statement
    <b>OPEN DATASET w_file FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.</b>
    where w_file is a file on the app server. the users that run this program have no issues.
    I have made a copy of the program to add some additional functionality and when the users run this program, the program is abending with the following error messages when trying to execute the same command stated above
    Runtime Error      OPEN_DATASET_NO_AUTHORITY
    Except.               CX_SY_FILE_AUTHORITY
    I have talking to the security person and he is going to make another role with the authorizations needed to run the program but I am curious as to why the same person can run the one program successfully and my program (which does basically the same thing when it comes to the file processing) abends with the authorization issue.
    thanks in advance for your help

    I believe you can use FM to check if user has sufficient authorization.
    NOTE: authority-check uses PROGRAM NAME, so it looks like your profile should be updated with new program name.
    Here is what help says :
                                                                                    Check file access authorization                                                                               
    Functionality                                                                               
    This function module allow you to check the user's authorization to          
        access files (with the key words OPEN DATASET, READ DATASET, TRANSFER and    
        DELETE DATASET). A check should be performed before opening a file.                                                                               
    The authorization check is performed uwing the authorization object          
        S_DATASET.                                                                               
    Description of function parameters:                                                                               
    o  PROGRAM: Name of the ABAP/4 program that contains the file access. If     
           no program name is specified, the system assumes the current program.                                                                               
    o  ACTIVITY: Access type. The possible values are:                                                                               
    -  READ:              Read file                                           
           -  WRITE:             Change file                                         
           -  READ_WITH_FILTER:  Read file with filter function                      
           -  WRITE_WITH_FILTER: Change file with filter function                    
           -  DELETE:            Delete file                                                                               
    o  FILENAME: Name of accessed file                                                                               
    Example                                                                               
    TYPE-POOLS SABC.                                                                               
    CALL FUNCTION 'AUTHORITY_CHECK_DATASET'                                      
             EXPORTING  PROGRAM          = 'ZDATASET'                                
                        ACTIVITY         = SABC_ACT_READ                             
                        FILENAME         = '/tmp/sapv01'                             
             EXCEPTIONS NO_AUTHORITY     = 1                                         
                        ACTIVITY_UNKNOWN = 2.                                                                               
    Notes                                                                               
    The values to be passed as the ACTIVITY are defined as constants in the      
        TYPE-POOL SABC.

  • Authorization issue during Jump

    Hi all,
    I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
    Both the multiprovider and the base infocube have the same authorization objects checked.
    Can someone please help?
    Regards,
    Ashmith Roy

    Pls have a look on the below thread:
    Authorization by InfoArea
    Regards
    Ganesh
    *Assign points if this helpful

  • HR abap infotype 2

    Hi
    The program is creating a file. Code is shown below
    get pernr.
    rp-provide-from-last p0002 space pnpbegda pnpendda.
      IF pnp-sw-found = 1.
        MOVE  p0002-nachn   TO itab10-lname.
        MOVE  p0002-vorna   TO itab10-fname.
        MOVE  p0002-midnm   TO itab10-midinit.
       SPLIT P0002-VORNA AT ' ' INTO ITAB10-FNAME
                                ITAB10-MIDINIT.
        WRITE p0002-perid TO itab10-ssn RIGHT-JUSTIFIED.
        WRITE p0002-gbdat+4(2) TO itab10-bdate(2).
        WRITE p0002-gbdat6(2) TO itab10-bdate2(2).
        WRITE p0002-gbdat(4) TO itab10-bdate+4(4).
        SELECT SINGLE *  FROM t502t WHERE sprsl = sy-langu AND
         famst = p0002-famst.
        IF sy-subrc <> 0.
          MOVE 'Invalid' TO itab10-marstat.
        ELSE.
          MOVE t502t-ftext TO itab10-marstat.
        ENDIF.
        IF p0002-gesch = '1'.
          MOVE 'M' TO  itab10-gender.
        ELSE.
          MOVE 'F' TO  itab10-gender.
        ENDIF.
      ENDIF.
    but as time constraint of infotype 2 is 1, so can it be possible that rp-provide-from-last fails ie there is no record in IT0002
    for a particular employee(pernr) for date range specified on selection screen (dates are there on sel screen, and for few employees it is gettng failed, server is production, so can't debug and no of employees for which the program is running is around 16000)
    please help
    Regards
    Manu

    looks like an authorization issue.
    Infotype 0002 usually is created from birthday of the employee to high date (99991231) so there must be a record.
    Try to find out a PERNR missing and run and debug the report for this single PERNR.

  • Authorization issues on opening a dataset

    hello,
    I am not sure if this is the correct forum for this or not.
    I have an ABAP program that was written before I got here that performs the following statement
    OPEN DATASET w_file FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
    where w_file is a file on the app server. the users that run this program have no issues.
    I have made a copy of the program to add some additional functionality and when the users run this program, the program is abending with the following error messages when trying to execute the same command stated above
    Runtime Error OPEN_DATASET_NO_AUTHORITY
    Except. CX_SY_FILE_AUTHORITY
    I have talking to the security person and he is going to make another role with the authorizations needed to run the program but I am curious as to why the same person can run the one program successfully and my program (which does basically the same thing when it comes to the file processing) abends with the authorization issue.
    thanks in advance for your help

    Hi Timothy
    Well it is the correct forum
    When ever your accessing the file system the authorization object S_DATASET is checked.
    This object has Filename, activity and <b>program name</b> as input parameter.
    Best Practice would require you to limit access as much as possible, so my guess is that access only has been given to the original program, and not your new one - that's why your getting the ShortDump.
    You can find the documentation here: http://help.sap.com/saphelp_webas620/helpdata/en/fc/eb3d5c358411d1829f0000e829fbfe/frameset.htm
    Regards
    Morten Nielsen

  • Maintain Text PA - Authorization issue?

    Hi experts,
    I'm having a problem when updating text in infotypes using "Maintain Text" (F9). Most user's SAP GUI block when trying t access the text window (after clicking Maintain text). SAP GUI just freeze (no message). It's the only time I have got an error like this.
    Since some users are able to maintain text, do you think it could be an authorization issue?
    Could you please show me which authorization object should be customized to let them to maintain text?
    If you think is not an authorization issue, any idea?
    I would really appreciate your help since I run out of ideas...
    Thank you very much
    Chema

    Hi Dilek,
    thank you for your help. SU53 shows a problem with authorizations for P_ORGXX (R, ,,,,) for people who can't maintain text, but it also show a problem with P_ORGINCON (R,,,,,,,) for people who can.
    I know these two authorization object are related to infotype read/writing, but it is also related to maintain text feature?
    MS Word comment seems a posible explanation, because since SAP GUI blocks should be any local configuration issue, but still all computers has the same version and instalation.
    Thank you again for your help
    Cheers,
    Chema

  • How does IDM takecare of Authorization issues

    Hi All,
    I am pretty new to IDM product. I am aware that using IDM we can automate user creation and role assignment, also with 7.2 we have password self service available.
    However i will like know whether IDM can also be used for regular authorization issues i.e., let say a user is facing an authorization issue in a particular tcode, in order to solve this issue we need to assign additional field values in one of his roles. will such issues where user id is already present and roles also assigned to that id but some changes to his roles is required be taken care by IDM.
    I couldn't get this info from Master and solution operation guide of IDM  7.2, so thats why i am posting it here.
    Regards,
    Siva.

    Hello - No IDM only manages the abap roles ie provisioning and deprovisioning. If the user requires additional authiorization and a role exists to solve this then this role can be assigned from IDM. However if you need to add extra values to a role this still needs to be done using PFCG.
    Hope this answers the question.
    Chris

  • PA30 Display Facsimiles Authorization Issue

    Dear All,
    I am facing one authorization issue in PA30 Transaction. User trying to display the archived documents from PA30 > Extras > Display All Facsimiles, when user trying to execute he is facing the below authorization issue.
    You have no authorization to display the facsimile
    Message no. PG424
    I have analyzed this issue this is lack of infotype authorization, but I am not sure which infotype we have to give under P_ORGIN authorization object. SU53 not showing anything for infotype, it is showing  ' ' in infotype.
    I checked the below SAP notes also.
    1562091 - Display all facsimiles: Incorrect Message PG424/PG425
    1990223 - HRFORMS : Can not view archived documents in PA20
    373063 - Authoriztn for applicnts opticl archv does not work
    User getting access If I maintained Star (*) or (' ') . Please help me to solve this issue.
    Thanks
    Kishore ch

    Hello,
    You can check which Infotype your archived document is linked to in table V_T585O. A user will require read authorization for that infotype as well as an authorization for S_WFAR_OBJ for the document type. If I'm not mistaken you may even need S_TCODE or P_TCODE for transaction SDV.
    Secondly, I would not advise you to rely only on SU53 data for authorization checks as it only shows the last failed authorization check. You'll get a better view on what's going on by using the system trace (ST01) or the authorization trace (STAUTHTRACE).
    It seems a bit odd to me that assigning P_ORGIN with value ' ' for INFTY would solve the problem as that is the dummy value and should match with any other INFTY value your user has. Seeing as he/she has PA30 then I assume he/she will already have an authorization for P_ORGIN. Check the settings in V_T585O for the document type. Maybe someone made a mistake there and left the Infotype cell empty instead of "-".
    Good luck
    Brent

  • Secured WebDAV Mounted Volume Authorization Issues

    I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
    1) I am able to mount the secured WebDAV share using my security credentials.
    2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
    3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
    I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
    Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
    The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
    I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
    Thanks in advance for any insights.

    same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
    Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
    Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:52: --- last message repeated 1 time ---

  • BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

    Hi All,
    This is regarding BI 7.0 Analysis Authorization issue.
    Overview:
    we have restricted some queries at infoobject level.
    Issue:
    a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
    b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
    c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
    d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
    e. But when we execute the same report with Auditors ID then we get a blank page.
    Any idea why this is so?

    Hi Neha,
    I tried the below also,
    GL Acnt
    I EQ 0000134010
    I EQ :
    but still it didn't work.
    No Infoobject is missing in Authorization Object.
    For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
    As mentioned earlier also it is giving me the below message,
    ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
    Kindly suggest, since this is a show-stopper for us!
    Thanks,
    Ishdeep Kohli.

  • Variable screen/variant screen authorization issue

    HI All,
    We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
    We have three selection fields:
    1.Company Code which is mandatory
    2.My controlling Area which is also mandatory
    3.Costcenter which is not mandatory
    The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
    can anyone guide me on how to go about on this authorization issue at the variable screen itself.
    Please treat this issue/requirement on high priority.
    Appreciated in advance.
    Regards,
    raps.

    Hi,
    I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
    As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
    In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
    I hope this helps you.
    Regards,
    Maximiliano

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

  • Authorization issue in Info spoke

    Hi all,
    I am facing some authorization issue when executing info spoke in process chain.
    Info spoke is working fine in direct Scheduling (both background and Dialog).
    Am getting this error after execution of process chain
    "System error: RSDRC / FORM AUTHORITY_CHECK RSDRC / FORM AUTHORITY_CHECK R"
    "System error: RSDRC / FUNC RSDRC_BASIC_CUBE_DATA_GET RSDRC / FUNC RSDRC_B"
    "System error: RSDRC / FORM DATA_GET RSDRC / FORM DATA_GET RSDRC / FORM DA"
    "Extraction Cube : Error in DataManager API".
    I dont know why this problem comes.
    Can anyone tel me what went wrong and how to solve it.
    Thanks in advance.
    Kind regards,
    Shanbagavalli.S

    Hi All,
        The above issue is getting due to # character in text at end(e.g ljdfsaa##). After removing # characters in text issue got resolved.
    Thansk,
    Manjunatha

  • Authorization issue after the Support packs upgrade

    We're having problem on authorization issue after the SP upgrade.
    One issue if "You are not authorized to call up line item display" using FCH1 and FS10N tcodes.
    And the SU53 showing problem on S_TCODE FAGLL03.
    How are we going to solve this issue? We dont want to add this missing auth object on all our finance roles.
    Thank you in advance.

    How can i send you the trace file? What is your email address?
    If I were you, I won't do that. Did you not ever sign some confidentiality agreement? I wonder.
    Anyhoo... (copy right @ David)
    What are the objects been caught in category RC=4, RC=12?
    Relate them with functional aspect of the transaction (error screen)
    Edited : You can paste RC=4, RC=12 objects here without customer specific value if you want to.
    Regards,
    Arpan Paik
    Edited by: P Arpan on Aug 23, 2011 2:36 PM

Maybe you are looking for

  • And ddr333

    Don't know if anyone has had this problem, but... there seems to be a conflict between some ddr@333 and these mobos. I got a system with 2.8 intel cpu, 865PE neo LS (I think) and 512 DDR at 333, with win XP home. From the start got a lot of random er

  • Spool sending as an Email

    Dear Experts. I have build 2 reports which both are running as a job. - the first one  creates a List with the Information and save it as a spool - the second runs directly after the first and sent the spool has been created as an email. Now I'd like

  • The portlet could not be contacted and other time-out errors: the cause!

    Did you encounter these kind of errors? Even after upgrading to version 3.0.9.8.1? We have searched for many months for the cause of these problems and finally found it. It's the user SYS ! When you analyze SYS's objects (tables and indexes), Portal

  • Third party tools for documentaion for SAP objects

    Good day,, I would like to if there are any Third party tools for maintaining the documentation for the SAP Objects ... Many thanks ..... Kripa Edited by: kripa shankar on Feb 25, 2008 8:21 AM

  • Adobe reader for mac problem

    I have download the Adobe reader 11.0.0  for my Macbookpro  OS  10.9.2   When i try to open a document it telling me that my document is Damage... But i can open the same document on my ipad with no problem  Also  it is telling me the same think with