HR Authorization Specific Scenarios.

Hi all, i am faced with the following scenarios and trying to see if my solution is correct;
There is a group of HR Users in the company and each HR user in the HR department is not allowed to view each other's Personal Data. However the challenges come with this 2 exception;
1. 1 User is able to approve the leave of another, meaning there must be some maintenance access to allow Write to say IT2001 (Absences)
2. 1 or more HR users will run PAyroll for the HR department. Again, more infotypes need to be read in order to achieve this.
To separate the access within their own staff, i implement a value in IT0001-SACHP (value 001) so that they are restricted in their profile to their own HR Grouping. Their profile has all access except 001.
For the ability to approve Leave and also perform payroll, am i right to specify P_ABAP to say that i bypass IT check for the reports/programs related to the leave approval and Payroll run ?
Advice is greatly appreciated!

Hi,
I don't think P_ABAP bypasses Program authorization. It's for Reports.
To quote :
P_ABAP does not affect the authorization to start reports (this controls the program execution checks). Simplifies and accelerates additional individual checks in HR reports, or switches them off entirely.
If the user, as a general rule, is permitted to carry out uncritical reports (e.g. creating a list of telephone numbers), then do not assign an authorization for the object HR: Reporting (P_ABAP).
Using P_ABAP in HR Reporting:
You can use the relevant authorizations for this object to control how the objects P_ORGIN, P_ORGXX,
Customer-specific authorization object P_NNNNN are used in the specified reports to check the authorization of HR infotypes.
You can also use reports to control the infotype authorization check. This can be useful for functional reasons or to improve performance at runtime of the corresponding reports.
For this object, enter the report name(s) in the REPID field and the degree of simplification to be used for the authorization check in the COARS field.
The following degrees of simplification are possible:
COARS = <BLANK> or no authorization.
COARS = 1.The authorization checks for the infotype/subtype combination and for organizational assignment are to be checked separately.
This means that a user is authorized to read a personnel number when he or she has a read authorization for all the infotypes (subtypes) requested by the program and that the user has a read authorization for the organizational assignment of the personnel number.
COARS = 2. The authorization check is inactive.
Note that an ABAP authorization for report SAPDBPNP with COARS = 2 means that all HR reports based on the logical databases PNP or PAP (nearly all reports) cannot perform any more authorization checks. In general, you will only want to deactivate the authorization checks for a very small number of Reports. In case of doubt, do not assign your users authorizations for the P_ABAP object.
Futhermore, this authorization object differs from the object S_PROGRAM (ABAP: Program Run Checks).
The latter is used for _general program authorization checks.
In HR reports, these checks are carried out in addition to the HR infotype authorization check. HR Reporting, however, overrides the HR infotype authorization check for selected reports, with the result that the authorization checks are weakened or completely switched off.
SAP_EMPLOYEE_ERP is available only in mySAP ERP 2004 ;
Regards,
Remi

Similar Messages

Report Subscription fails, shows 'success', specific scenario

I have a report that will run successfully except for one very specific scenario. Any help or suggestions tracking down this issue would be helpful.
The report is named ProjectsWeeklyReport.rdl and takes a single parameter of a specific user's login account "DOMAIN\username"
The report runs successfully in the web regardless of the parameter (works for all users, including john.doe)
The report runs successfully in Report Builder regardless of the parameter (works for all users, including john.doe)
The report runs successfully as a subscription with the report included as a
MHTML file and a statically-selected parameter EXCEPT for john.doe. The same report works for all other users selected as the parameter
The report runs successfully as a subscription with the report included as a
Excel file (instead of an MHTML file) regardless of the statically-selected parameter (works for all users, including john.doe)
To summarize, in order for the report subscription email to fail, these conditions have to be met (otherwise the result is success):
- Report must have the parameter "DOMAIN\john.doe"
- Report must NOT be MHTML format in the email
I can see the subscribed report worked according to the ReportExecutionLog in MS SQL. Is there any reason why the MHTML version of the report subscription would fail to email? Any reason why it would fail as MHTML but be fine in other formats
(PDF & Excel both tested success)
For example, this one was never emailed:
InstanceName: APPSERVER\@Sharepoint
ItemPath: /{73419db6-f0e2-4096-a710-c630e8a26295}/Reports/ProjectsWeeklyReport.rdl
Username: DOMAIN\p_sps_app_pool_porta   (App pool account)
Execution ID: rkciwraxt5cmoi55niw3wx45
RequestType: Subscription
Format: MHTML
Parameters:   Engineer=DOMAIN%5Cjohn.doe
ItemAction: Render
TimeStart: 7/22/2014 4:27:05 PM
TimeEnd:   7/22/2014 4:27:12 PM
TimeDataRetrieval: 1200
TimeProcessing: 75
TimeRendering:   5667
Source: Live
Status: rsSuccess
ByteCount: 277050
RowCount: 431
NOTES:
There are no logs in Exchange message tracking of this email ever reaching our servers
The Manage Subscriptions page shows the report emailed successfully "Email sent to.." with the correct timestamp of 7/22 at 4:27 PM
And compare to this one that was successfully emailed:
InstanceName: APPSERVER\@Sharepoint
ItemPath: /{73419db6-f0e2-4096-a710-c630e8a26295}/Reports/ProjectsWeeklyReport.rdl
Username: DOMAIN\p_sps_app_pool_porta   (App pool account)
Execution ID: 1yycmuiwc4hzymzuyj1zbc45
RequestType: Subscription
Format: EXCELOPENXML
Parameters:   Engineer=DOMAIN%5Cjohn.doe
ItemAction: Render
TimeStart: 7/22/2014 4:21:10 PM
TimeEnd:   7/22/2014 4:21:18 PM
TimeDataRetrieval: 1574
TimeProcessing: 73
TimeRendering:   5912
Source: Live
Status: rsSuccess
ByteCount: 34180
RowCount: 431
Suggestions of where to look for errors? Troubleshooting ideas? Anything would be helpful! Thanks in advance.

Hi ElizabethCEE2010,
We can try to check the detail information about the error in the log file. The SQL Reporting Services log files are found on the reporting services point server, in the folder %programfiles%\Microsoft SQL Server\<SQL Server Instance>\Reporting Services\LogFiles.
Besides, to monitor and troubleshoot Subscriptions in Reporting Services, we can refer to the following two good blogs post by Dean Kalanquin:
Monitoring and Troubleshooting Subscriptions
Troubleshooting Subscriptions: Part II, Using the Reporting Services Trace Log File
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support

Specific scenario in PROFIT CENTER ACCOUNTING

Can someone tell me his/her experience about a specific scenario in Profit Center Accounting where he/she faced a problem and did something special in configuration/development in order to move from legacy to SAP system.
I would appreciate the help and award suitable points.
Thanks
Chandan

Hi
Below are some steps in the SAP transfer pricing:
Define transfer prices
Define transfer prices as surcharges on valuation prices
Plan transfer price effects on results by valuation of quantities
Valuate goods movements with transfer prices
Perform manual postings and corrections
Analyze results using reports
More on below link
http://help.sap.com/saphelp_45b/helpdata/EN/eb/13736a43c411d1896f0000e8322d00/frameset.html
SKS

Specific scenario in PROFITABILITY ANALYSIS

Can someone tell me his/her experience about a specific scenario in Profitability Analysis where he/she faced a problem and did something special in configuration/development in order to move from legacy to SAP system.
I would appreciate the help and award suitable points.
Thanks
Chandan

Hi,
Are you looking at KE30 - drilldown reports?
Rgds.

Specific scenario in AP

Can someone tell me his/her experience about a specific scenario in AP where he/she faced a problem and did something special in configuration/development in order to move from legacy to SAP system.
I would appreciate the help and award suitable points.
Thanks
Chandan

hi Chandan,
AP/AR are the combination of masters. For example in AP the vendor are the list of accounts to be maintained. The consistency of this master cannot be determined as the business grows the vendor may even grow on daily or monthly basis. Hence the master ledger of GL will be maintained in chart of accounts and the masters of AP/AR will be maintained as sub ledgers under the GL accounts
Accounts Payable is the management of vendors and the accounts receivable is the management of Customers.Both are sub sidiary ledger.And both vendor and customer are integrated with general ledger with reconcilition account.
So when any transaction happens in sub sidiary ledger GL is automatically updated since GL is integrated with Sub sidiary ledger through Reconcilition account.
The GL balance which is updated throuh Reconcilition account like Sundry crdeditors and the Sundry debtors are used while preparing the Financial statment like Balance sheet under the head Current Asset,loans and advances less Current liability.
Please see the below links and these are very usefull to u...
http://sapbrainsonline.com/TUTORIALS/FUNCTIONAL/FI_tutorial.html
http://help.sap.com/saphelp_47x200/helpdata/en/41/37b8e7455b11d182b40000e829fbfe/frameset.htm
Assign the points if usefull to u ....
Ranjit

Mysql database "Invalid authorization specification:"

Hi,
we are using mysql database in our server. i ve created one database name and restored the data into that and i ve granted the all previliges for that user with one username and password. Now i ve written a java program to access that data base. and i am running that java program in server using one script. while i am running my java program in server. i am getting following exception message.
Database: jdbc:mysql://ip. . . /xxxtesst
user: xxxtest
password: xxxtest
<DbCall> doSomething Error 1: null
java.sql.SQLException: Invalid authorization specification: Access denied for user 'xxxtest'@'app1.dmz.mysite.com' (using password: YES)
java.sql.SQLException: Invalid authorization specification: Access denied for user 'xxxtest'@'app1.dmz.mysite.com' (using password: YES)
at org.gjt.mm.mysql.MysqlIO.init(Ljava.lang.String;Ljava.lang.String;)V(Unknown Source)
at org.gjt.mm.mysql.Connection.connectionInit(Ljava.lang.String;ILjava.util.Properties;Ljava.lang.String;Ljava.lang.String;Lorg.gjt.mm.mysql.Driver;)V(Unknown Source)
at org.gjt.mm.mysql.jdbc2.Connection.connectionInit(Ljava.lang.String;ILjava.util.Properties;Ljava.lang.String;Ljava.lang.String;Lorg.gjt.mm.mysql.Driver;)V(Unknown Source)
at org.gjt.mm.mysql.Driver.connect(Ljava.lang.String;Ljava.util.Properties;)Ljava.sql.Connection;(Unknown Source)
at java.sql.DriverManager.getConnection(Ljava.lang.String;Ljava.util.Properties;Ljava.lang.ClassLoader;)Ljava.sql.Connection;(Unknown Source)
at java.sql.DriverManager.getConnection(Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;)Ljava.sql.Connection;(Unknown Source)
at escrow.LandamDbremove.findnewrecords()V(LandamDbremove.java:205)
at escrow.LandamDbremove.main([Ljava.lang.String;)V(LandamDbremove.java:761)
Exception in Main : java.sql.SQLException: Invalid authorization specification: Access denied for user 'xxxtest'@'app1.dmz.mysite.com' (using password: YES)
Note: i ve given currect username, password, database name in my program.

When setting up users it is possible to restrict access by ip. You may have full priviledges as 'slai@localhost" but not as '[email protected]' . Check the user tables and see.

When do we use CE plan operators in HANA? any specific scenario?

when do we use CE plan operators in HANA? any specific scenario?

With current versions of SAP HANA you can avoid using CE-functions completely.
There's usually no need to choose them over plain SQL code,
- Lars

Invalid authorization specification, message from server

I am new to JDBC, and Java. I'm trying to connect MYSQL database with the following code, i compiled and execute jdbcExample (using JCreator). It giving me this error:
Exception: Invalid authorization specification, message from server: "Access denied for user: '[email protected]' (Using password: YES)". I have full access granted to the mydb database. Please advise. Thanks!!
package BeanDir;
import java.sql.*;
public class jdbcExample {
public static void main(String args[]) {
Connection con = null;
try {
Class.forName("com.mysql.jdbc.Driver").newInstance();
con = DriverManager.getConnection("jdbc:mysql://myintranet/mydb?user=slai&password=mypasswd");
if(!con.isClosed())
System.out.println("Successfully connected to MySQL server...");
} catch(Exception e) {
System.err.println("Exception: " + e.getMessage());
} finally {
try {
if(con != null)
con.close();
} catch(SQLException e) {}

When setting up users it is possible to restrict access by ip. You may have full priviledges as 'slai@localhost" but not as '[email protected]' . Check the user tables and see.

InfoPath form failed to use NTLM authentication to load data - Invalid authorization specification

I knew this might be discussed in other places but I've searched over the web but still do not have a clue how to fix my issue.
I am using SharePoint 2010 and I created an InfoPath form that reads data from a database using data connection file (udcx). As explained in many other articles, I've set up my secure store correctly and created an application called 'InvestmentOperationAccess'
with a windows service account and then export the udcx file and enabled the <udc:Authentication> tag as flowing:
<udc:Authentication><udc:SSO AppId='InvestmentOperationAccess' CredentialType='NTLM' /></udc:Authentication>
Then I upload this file back to the data connection library and approved. But when I try to load the form in web broswer, I received the following error:
05/15/2013 14:40:15.09 w3wp.exe (0x0C94) 0x263C InfoPath Forms Services Runtime - Data Connections eq8l Warning The following query failed: EntityMatrixView (User:
xxxxx\xxx, Form Name: Template, IP: , Connection Target: , Request:xxxxxxxxx(URL of the list) Form ID: urn:schemas-microsoft-com:office:infopath:list:-AutoGen-2013-05-14T23:32:41:604Z
Type: DataAdapterException, Exception Message: The form cannot connect to the data source. Invalid authorization specification
In the meantime, I used SQL profile try to capture the credential it is used by nothing was passed to that SQL box.
Then I created another application in my secure store with SQL login account and modify my udcx file to be
<udc:Authentication><udc:SSO AppId='InvestmentOperationSQLAccess' CredentialType='SQL' /></udc:Authentication>
This time when I load the form, everything worked and in SQL profile I can see it is reading data using the SQL account I specified in secure store.
In a nutshell, it is working with SQL authentication type but not NTLM, anyone could help me with that?

Same problem here. Anyone has a solution for that?
It seems one cannot use windows accounts with secure store and database access for info path data sources ...

Specific scenario in AR

Can someone tell me his/her experience about a specific scenario in AR where he/she faced a problem and did something special in configuration/development in order to move from legacy to SAP system.
I would appreciate the help and award suitable points.
Thanks
Chandan

hi Chandan,
Pls go through the below link for all the queries....
http://sapbrainsonline.com/TUTORIALS/FUNCTIONAL/FI_tutorial.html
http://sapbrainsonline.com/TUTORIALS/FUNCTIONAL/FI_tutorial.html
pls assign the points, if usefull to u......
Ranjit

Specific scenario in GL

Can someone tell me his/her experience about a specific scenario in GL where he/she faced a problem and did something special in configuration/development in order to move from legacy to SAP system.
I would appreciate the help and award suitable points.
Thanks
Chandan

Hi,
When u r transfering the legacy data to sap in midst of the posting period with cutoff balances take care off tolerance group. Tolerance group are defined from the point of view of day today entries . This gives u problem when u are going to upload the data for a period which consist of total of that respective period per account. And this total u have to add with 1 or max 5 transaction runs where tolerance has to be considered.
Warm Regards

Invalid Authorization Specification

When I go to the homepage of my companies website I am
receiving an entire error report as is anyone else that goes to the
site. The [problem is such that I cant even get to the backend
control panel because the authorization of my database is all
messed up.
The error I receive is : Invalid Authorization Specification:
Access denied for user:
&apos;[email protected]&apos; (Using
Password: Yes)
The web address is www.nehra.com
Any ideas about what I should do from here I have already
rebooted the server and gone that direction and nothing
changed...

Can you use some kind of database tool to connect to the
database in
question to make sure it is up and running and behaving
properly. And
that you can log on with these credentials?
Mrtechguy wrote:
> When I go to the homepage of my companies website I am
receiving an entire
> error report as is anyone else that goes to the site.
The [problem is such
> that I cant even get to the backend control panel
because the authorization of
> my database is all messed up.
>
> The error I receive is : Invalid Authorization
Specification: Access denied
> for user:
&apos;[email protected]&apos; (Using
Password: Yes)
>
> The web address is www.nehra.com
>
> Any ideas about what I should do from here I have
already rebooted the server
> and gone that direction and nothing changed...
>

[svn:cairngorm3:] 16337: Fixing an NPE for a specific scenario:

Revision: 16337
Revision: 16337
Author:   [email protected]
Date:     2010-05-27 00:41:31 -0700 (Thu, 27 May 2010)
Log Message:
Fixing an NPE for a specific scenario:
when using multiple listeners for one validator and when some of the listeners become null and a reset() on the validator group is called.
Modified Paths:
    cairngorm3/trunk/libraries/Validation/src/com/adobe/cairngorm/validation/ValidatorMultipl eListeners.as

Wow that was a very quick response. Thanks camickr. I am only trying to delete a single row. I do not know how to go about posting a test program for the code I have posted above because honestly the gui itself is 800 lines of code, and then the file reading class is quite funky in itself. I can maybe email you the entire Netbeans project including code so if you are using Netbeans 5 RC2 you can run the code and see for yourself, but that would not be considerate of me.
See I am trying to delete any row at any time...but only one at a time not multiple rows...so if a user decides to delete row 23 and then tries to delete the last row which happens to be row 33 in my case, my setup should be smart enough to still allow to delete the row.

Authorization Relevent Scenarios

Hi All,
I need a help of your suggestins to get a proper way to write my thesis over New Bi Authorization topic.
I want to ask you what are the possible authorization scenarios you can think according to your experience.
for example
I have few of them
1.Restriction to the one value of an InfoObjects.
2.User has access to two projects in one project he has access to few material plant while in other project he has access to all material plant.
3.You have for an InfoObject the checkbox authorization relevant has activated. What are the effects of this on other projects.
4.How Authorization to the hierarchy nodes are defined.
5.How combination of value authorization restriction and hierarchy authorization is working.
can you think more of such scenarios.
Please forward me as meny possible authorization scenarios you can think.so that i can implement these scenarios as an prototype and it will be helpful to me to write my master thesis.
Hope for the positive and quick answer from your side.
With Best Regards And Thanks,
Deepak

Well,
User has access to one key-figure for one project and all key-figures for another project;
User has automatic filled authorization while executing a query;
User has his/her authorization automatically filled in a user exit while executing any query;
User has access to company code has a navigational attribute authorization with for example 0PLANT__0COMP_CODE instead of 0COMP_CODE and even for example 0PLANT is not marked as authorization relevant;
User has access in one project to view the data (executing queries) and in another project he/her has access to plan the data (write data);
Diogo.

Specific scenario

Hi Gurus
can anybody please help me on how to handle this scenario? We created sales order on company A (the end cutomer name), but we will ship all the reuqired components to another company B and they will assemble everything and then send it to the end customer(company A). How we need to treat this scenario? What should the shipping folks reference against when they try to create a delivery? Please help
Thanks
Anusha

HI Anusha,
You requirment can be solved by mapping Sub-contract process...
You will delivery X material to Company B .Company B will add XYZ and this Product will send by Company B or You .
Delivery and Invoice to Company A.
You check with MM people .they interacting more than SD in this Requirment.
Revert if you have any Specific requirment.
Best regards
raj.

HR Authorization Specific Scenarios.

Similar Messages

Maybe you are looking for