Limiting payroll t-code access

Similar Messages

• Limitting payroll t-code access

  Hi expert,
  I have a problem for restricting authorization for user for payroll t-code.
  Apparently, some user is only allowed to ru offcycle payroll. So for example, for t-code "PC00_M34_CALC", user should only be able to run offcycle payroll so on the field declaring payroll type, they should only be able to enter 'A' -> offycle payroll.
  I couldn't find a way to solve this through authorization object, so far my only found option is to manipulate the transaction selection screen.
  I tried to use transaction SHD0 to manipulate the screen for the t-code, but apparently, transaction variant for t-code "PC00_M34_CALC" can not be made. Therefore I tried to play with variant by:
  1. making the payroll type field is not inputable and automatically set 'A'
  2. Protect the variant so it couldn't be changed by people except me
  3.and then save the variant as customer variant "CUS" so that it could be transported.
  After that I created a new T-code let's say Z'' where the default variant "CUS" is used for the t-code.
  Problem arises as user has access to variant, they could create another variant, save it and then use it to open all access. Is there any way to limit either:
  1. User has no access to variant creation
  2. T-code couldn't be run except by a certain variant
  Is there a way to solve my problem?
  I'm open to any other possible solution to solve this problem.
  Thanks in advance

  Use authorization object S_PROGRAM.
  For the field P_ACTION do not include 'VARIANT'

• Project Admin & Contributor cource code access control

  I am setting up access control on a TFS 2013.2 TFSVC project
  To deny access by default I added the Contributors group in the root of the source tree and set all permissions to deny, then on individual source folders I set the permissions for specific groups. So far so good, members of those groups can see the code
  I want them too and only that code.
  The problem is for project admins.
  All teams are members of the contributors group so that they get team functionality such as team email alerts. If someone in the Project Admin VSO group is added to a team they therefore become part of the contributors group due to inheritence and their
  code access to the top of the source tree is denied by default.
  Is it so that project admins canot be members of teams? This would be a problem because often the project admins also are the leads who define and administer the teams in TFS. If no-one is able to see the top of the source tree, whould be able to create
  a new sub-folder?

  Hi QualityJanitor,
  Thanks for your reply.
  In your scenario, if you add the team project admin user in team group, he can view the source structure in Source Control Explorer, but he cannot open any file to read. He can create new sub-folder in Source Control Explorer, but he cannot check-in this
  sub-folder. 
  We suggest you create a custom team group in your team project, and add all the users(which you want deny the code access by default, exclude team project admin) in this custom group, then use this custom group instead of Contributors group in the root of
  source tree, and set all permission to deny for this custom group.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Payroll Status Code ?

  Hi ,
  Can anyone let me know what do we mean by Payroll Status Code , lenght of the field is 1.
  In the program :
      IF v_back IS initial.
       MOVE '3' TO it_output-py_code.
      ELSE.                                                         MOVE '1' TO it_output-py_code
     ENDIF.
  Is there any specific field or is it just a indicator for futher processing.
  Thanks,
  Rohit

  I feel it is Payroll State code of an payroll area.
  It will have four types of statuses.
  1.Exit payroll
  2.Release for payroll
  3.Correction mode
  U will find it in T569V-STATE  field

• Compay code access

  Hello experts
  We have setup our roles as two sets; one set with org level access and other set with transaction codes/functional access. Whenever a user is setup we assign functional role and appropriate org level roles so he/she will have access to the transaction for desired org level.
  We have a user who has org. level roles for all company codes (read/write access). Now we need to restrict her access so she still has access to all company codes for most transactions. But for few transactions she could only view for certain company codes. I have told them this will not be possible unless she uses two separate ids for two scenarios.
  I know there exist a context sensitive solution in HR where you can link STR. Profile to a master record infotype. Is there similar solution to non HR data?
  I would appreciate your thoughts and inputs.
  Thanks,
  Netra

  This won't work unless the auth objects for the few transactions are not used for any other transactions in which the user requires the full org level access.  Lack of clarity around this sort of issue is just one of many of the limitations of using that particular approach

• UK Payroll tax code 1000L

  Hello Friends:  
  In UK Payroll new tax code 1000L I have updated in Constant table V_T511K effective April 06th 2014 but this code is not going to Ceridian interface(PU12).   Any help is appreciated. Thanks in Advance

  What exactly is your problem. UK tax is on a cumulative basis, and typically there are slabs with different rates,  so it is difficult too work out a percentage for each wagetype.

• Time limits for time capsule access

  I want to set time limits for individual devices on my Time Capsule network. How do I set this up??

  You will need a hardware address for each wireless device that you want to be able to control. If you do not have the device listed, it will have "default" access to the wireless network, which means that it will have unlimited access at all times.
  If you are having difficulty finding a hardware address for a given device, turn off all the wireless devices that will connect to the network except your Mac. You know the hardware address of your Mac already, correct?
  Turn on one other wireless device and look for the info about that device. Then turn on the next device to get info about that device. You may not see a device name and instead see something like 10.0.1.x for the device name. Click on the 10.0.1.x display to reveal more information about the device, including the hardware address.
  You can set up rules for each device on either the Time Capsule or the AirPort Extreme and the settings will automatically be transferred to the "other" device, so you only have to enter the rules on one device.
  Open Airport Utility again and click on the Time Capsule if that is your "main" base station or router. Otherwise click on the AirPort Extreme if that is the main base station.
  Click Edit
  Click the Network tab at the top of the window
  Look toward the bottom of the next window and make sure that there is a check mark next to Enable Access Control. Later, you will need to make sure that the other router you have is also enabled.
  Click on Timed Access Control
  Here you will see the "default' rule for the network of Unlimited Access. This means that any device that has not been assigned a specific rule will be able to connect to the network at any time. Leave this rule alone.
  Click on the + (plus) button at the bottom of the Wireless Clients box
  Type in a device name next to Description.....example.....iPad
  Type in the hardware address of the device next to MAC Address
  You probably want to have the rule in effect Everyday, so leave that box the same. If you click on the box, you will see that you are able to have the rule in effect with a number of other options.
  Click on the All Day box and change that to Between
  Double click on each time display to edit the start time and end time for the device each day. For example, the device might be able to connect Everyday, Between 9 AM and 10 PM. It is possible to have multiple rules for the same device by clicking the + button in this area to add another time slot.
  Click Save
  Click Timed Access Control again and repeat the process for the next device, etc until entries for all wireless devices that you want to control are complete
  Click Update to save all of the settings and the Time Capsule will restart in 30 seconds.
  Be sure to enter a check mark on the other router that you have to Enable Timed Access and Update to save the setting.  This will transfer the stored settings from the Time Capsule to the AirPort Extreme or vice versa.
  Good luck.

• Start workflow in code - access denied

  Im trying to start list workflow (sp 2013)  from MVC app.
  the mvc app (win auth enabled) is running by a user that is site owner.
  i always get ASP.NET access denied
  var workflowServiceManager = new WorkflowServicesManager(web);
  var workflowSubscriptionService = workflowServiceManager.GetWorkflowSubscriptionService();
  SPList oList = web.Lists["Employee"];
  SPListItem item = oList.GetItemById(557);
  //access denied on this line
   var subscriptions = workflowSubscriptionService.EnumerateSubscriptionsByList(oList.ID);
  thanks

  Hi
  Earlier I was putting the button (link) in the wrong place now that its in the dataform webpart @ID works !
  This link now will jump to the workflows page, the problem is that I have two workflows so the user may start the wrong workflow. Then I tried to link to the initiation page instead but this is where the error occurs.
  This is the workflow page link (Copied from browser url)
  http://sp20104/HitsMissesApp/_layouts/Workflow.aspx?ID={@ID}&List=deff1c34-4aec-43ad-b1e8-00444d3ab674&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx
  This is the initiation page link, has a few more parameters. (Copied from browser url and used static ID for test)
  http://sp20104/HitsMissesApp/_layouts/IniWrkflIP.aspx?List={deff1c34-4aec-43ad-b1e8-00444d3ab674}&ID=6&TemplateID={8f72c2a0-7ec7-44ac-9bb7-c0a527a6b91a}&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx
  When I enter the intitation link in SPD, SPD error with 'Error HRESULT E_FAIL has been returned from a call to a COM component.' and then crashes.
  So I can only link to the workflows page not the inititaion page. Perhaps the IniWrkflIP.aspx can only be called from a select page or something?
  Code for insering asp link:
  <asp:LinkButton runat="server" id="LinkButton1" PostBackUrl="http://sp20104/HitsMissesApp/_layouts/Workflow.aspx?ID={@ID}&amp;List=deff1c34-4aec-43ad-b1e8-00444d3ab674&amp;Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx">Start Workflow Feedback</asp:LinkButton>
  Alternatively, the button/link could simply start the workflow as I dont require the initiation page. Dont know if this is any easier though.
  Any assistance welcome on this .
  Thanks

• RSA1 T-code Access Problem in IDES server

  Hi Experts,
  Our BW consultant getting on error while using RSA1 t-code in ides client 900
  i.e you can only work in client 800
  Help details:-
  You can only work in client 800
  Message no. BRAIN009
  Diagnosis
  Your SAP BW system can only operate in client 800.
  Procedure
  Log on in client 800.
  For your information:- After completing the installation i have created the client 900 and select the profile sap_all and copied from the client 800 only and created the user id's and assigned the required authorizations.
  Component version :- SAP ECC 6.0
  Operating system :- Windows NT
  Database system :- ORACLE
  Please any one suggest me BW Consultant can only required the access in client 800 only/is there any way to provide the access in client 900 also.
  Regards,
  Reddy V

  Hi,
  In your IDES system BI is configured in client 800. And you can use only one client as BI client in a system, since BI tables are cross-client.
  You can change the BI client from 800 to 900 by updating the field BWMANDT to 900 in RSADMINA table.
  Caution: Everything in client 800 will be lost when you change BI client to 900.
  Usually client is changed during the post installation process(One time activity).
  hope it helps
  regards,
  Pruthvi R

• How do we supress the code access to wifi?

  How do I supress the access code to Wifi?
  thank you

  Sorry. It's unclear what you mean. Please clarify what you mean by "suppress the access code to WiFi".

• Limiting the Report Layout access other than Authorization Object S_ALV_LAYO

  Dear Experts,
  We have an issue of Layout Access limit to Users coz unwittingly these are being deleted.
  (Example: IW39 à after F8 à Settings à Layout.)
  The Authorization object S_ALV_LAYO which limits the access, has been defined in the multiple Roles, where every User been assigned with these Roles across Three Continents.
  Instead of hampering the existing Streamlined Roles, looking for other Options since if it may give odd behaviour after modifying the Roles then all the Users across the continents will be effected.
  It will be grateful if we get other options to limit the Layout access instead of controlling through Authorization Object.
  Thank you & Have a Great Day!

  Thank you Sebastian & Terence,
  The Global Roles has maintained with Authorization Object (S_LAYO_ALV) and these are been assigned to Every User coz all Users should access these reports.
  So now every User has maintained with the Authorization Object to access.
  Now we are trying to Control the Access to limited Users through without hampering the well maintained/streamlined  Roles, since if any adverse effects on the modified roles may impact to all the Users across the continents.
  Looking for other options.
  Thanks, I appreciate your time and efforts on this.

• Error with Material type/Tax code access sequence in Tax procedure

  Hi,
  I am trying to create an access sequence with Material type/tax code combination for my tax procedure. While I can generate the condition table successfully, I cannot create an access sequence. The access sequence gives me the pop up message " select a document field for MTART". I searched in the field catalog and its absent. However MTART exists in the table KOMG.
  How can I include the field MTART ( material type) in the field catalog. The tax code field is shown as green. Please help.
  Thanks and regards,
  Soumya.

  The field MTART was included as standard in the table . I didn't have to add anything. Further, i couldn't find any standard access sequence for tax procedures that include material type.
  I am really stuck with this!!
  Regards,
  Soumya

• Accurate t-code access list

  I am trying to retrieve a user access list for the following t-codes:
  Financial Reporting:
  FS00 u2013 general ledger accounts
  OB52 u2013 Close accounting periods
  Fixed Assets:
  AS01
  AS02
  ABZON
  ABAVN
  If we run it just by t-code, the access list is incorrect. Can anyone suggest a a different way to retrieve a correct user list such as what authorization objects, etc. I should specify when running each t-code?
  Thanks
  Raja

  you can check table AGR_1251 with object S_TCODE...
  In field" value" enter t-codes.
  This works as long as you havent defined a "from to" authorisation for S_tcode in your roles
  Edited by: Markus Roth on Nov 1, 2011 7:53 PM

• T-CODE access

  Hi Experts,
  I have a T-code 'OB52'. How can I know which users accessed this t-code and when.
  Rajiv Ranjan
  ABAP123

  hi,
  if they had made any changes you can find in
  Utilities-> change logs -> Execute.
  i think it is difficult to get when the users has accesed the transaction upto my knowledge.
  Cheers
  Alfred
  Reward points for helpful answers

• Payroll Result Delition access ( PU01)

  Hi ,
  I need to give one of the user only PU01 access. If any one know what all additional access I need to be giving to this user if T code PU01 has to work?
  If any one has a template that will be help.

  Hi Deepak,
  You need to give access to P_PCLX authorization object.
  Regards,
  Dilek