Object P_ORGIN inconsistent
Hi all,
I have created a new Role and inserted the Tcode OOOE in the menu tab and when click on change authorization data in Authorization tab it pops up with an error message
Authorization default values of transaction OOOE for object P_ORGIN inconsistent.
Message no. 5 @ 015
Diagnosis
The authorization fields included in authorization default values are incomplete or incorrect
System Response
The action is terminated to avoid inconsistent authorization data
Procedure
In transaction SU24, modify the authorization default values in object definition from transaction SU21, and repeat the action.
I have checked the values of P_ORGIN using SU21 & SU24 and they have default values. How to make the P_ORGIN object consistent?
Thanks in Advance
Ravi
Result of a test in 4.6C and 4.7 system (with up-to-date support package):
The PFCG loads the merged authorization proposals for S_TCODE, PLOG, P_ORGIN and P_TCODE according to the SU24 data for the parameter transaction OOOE and the 'master' transaction PPOM. -> It seems that you have a special problem in your system.
I assume that you have the same problem if you add transactopn PPOM inte a role, because the systems loads these authorization proposals.
The PFCG shows the message if there is an inconsistency between authorization proposals in table USOBT_C and the definition of an authorization object in table TOBJ
My suggestion: Use SU24 to delete the authorization proposals for transaction PPOM, save it and add them again.
P_ORGIN
AUTHC *
INFTY 0000 0001 0002 0003
PERSA <empty>
PERSG <empty>
PERSK <empty>
SUBTY *
VDSK1 <empty>
Please check note <a href="https://service.sap.com/sap/support/notes/745655">745655</a>, too, which might be applicable.
Kind regards
Frank Buchholz
Similar Messages
-
Error "Inconsistancy in the auth object P_ORGIN"
Hello Gurus,
I have to add a tcode which involves auth object P_ORGIN. When I add the tcode and go to authorization tab then it gives the error as "Inconsistancy in the auth object P_Orgin"
Please let me know how should I add the tcode now. Thank you !
Regards,
MAPLease provide tcode
The reason why the profile generator cannot correctly insert the
default values of these transactions is due to a data inconsistency in
table USOBT_C (default values for customers). The table does not
contain an entry for field BTRTL of authorization object P_Orgin.
You can immediately correct the incomplete data in your customer table
USOBT_C using the following steps:
Step 1 Execute transaction SU24
Step 2 Enter the transaction affected by this error ie XXXX
Step 3 "Change check indicator" (F6) in the application toolbar.
Step 4 With "Display field values" (F7) you check the default values of
P_Orgin. Please document the values.
Step 5 Go back to the previous screen and set the check indicator from
"Check/maintain" to "Check" for P_Orgin.
Step 6 Set the indicator for P_Orgin back to "Check/maintain".
Step 7 Choose the function "Change field values" (F6) and insert the
formerly documented values for AUTHC in object P_Orgin.
Now you see also the field BTRTL being presented.
Save the changes.
Repeat steps 3-7 for each of the transactions affected.
Hope you are clear with the steps.
Thanks,
Prasant
Edited by: Prasant K Paichha on Mar 3, 2010 3:01 PM -
How to delimitate the authorization on BI based on HR auth. object P_ORGIN
Hi all,
I need to insert in my BI role one authorization object to delimitate the view of data in the report (data are extracted from and SAP HR system) based on Personnel Area. On the HR system I have the authorization Object P_ORGIN that can be filled inside the roles for what concerns the value of Personnel Area.
How can I apply the same limitation inside the BI role?
Many Thanks,
ValentinaHi,
R u using any other roles . If yes then open that roles and add object p_origin .It should work.
Regards
Nilesh -
PT60 the field Personnel Area( PERSA ) of the authorization object P_ORGIN
Hi,
When running transaction PT60 the field Personnel Area( PERSA ) of the authorization object P_ORGIN is not checked.
I have run SU24 ,the objects are there with chech indicator of authorization object = "CHECK".
What can I do about it ? Is there any note to fix this ?
thanks!
Olivia YangHi,
In object P_ORGIN what you need to check for authorisation is it on Personnel area or PSA.Actually we have org.key for authorisation which is define in P_ORGIN.If you can define org. key as PA/PSA/EG/ESG you can check the authorisation for specific users.
Regards,
Snita -
Database object is inconsistent: (Primary index)
Hi All ,
I'm getting this "Database object is inconsistent: (Primary index)" when I run database consistency check on one of my z table and some how due to this problem program is able to insert duplicate entries in the table.
Can some one help ?
Regards ,
LaeeqI'm getting this when I'm checking the consistency and I ran SE14 as well , I deleted the database table and created it again .. but the problem is still there ..
Regards ,
Laeeq. -
Please check the order's object list (inconsistency SOBJ)
Hi Friends;
I am facing a strange issue where I have copied a custom task from SAP standard decision task 00008267 caz I needed to perform some custom requirement on it.
I have done evry thing but then I have observed that Agent assignment is not coming at testing client which is on same server.
I also can not modify any thing at testing client.
So I performed SCC1 from testing client and check but still same issue.
Then I thought of re assigning agent at development client but while making it general task it pop up the message "Please check the order's object list (inconsistency SOBJ)".
And after again performing the SCC1 still the issue exist.
Can any one suggest their inputs where the problem could be and how should I fix it.
Regards
DevrajHi Dev,
Can you please share more details? Agent assignment not coming means?
Have you set the task as General in testing client?
Thanks,
Viji. -
Regarding the authorization based on persinal subarea
dear experts,
my company has two offices what we want that in HR that one offices will not see the live datas of another office,for this we have two subarea raipur & raigarh what i did that in the authorization object P_ORGIN i added subarea BTRTL after this whenever i go to "SU01" & assign in the roles it gives THIS error------
*Authorization default values of transaction PC00_M01_CDTB for object P_ORGIN
inconsistent*
WHAT IS THE SOLUTION FOR THIS PROBLEM...
PLEASE suggest me how to restrict the authorization on personal subarea...
Also after adding the fields BTRTL in the object P_ORGIN i want to remove it again how will i do this......hi,
Have a look at this pdf.It may help u.
http://www.sap-press.de/download/dateien/726/sappress_authorization_system_engl.pdf
http://wiki.ittoolbox.com/index.php/SAP_HR_-_Check_your_basics-Answers-1#DATA_AND_AUTHORIZATIONS
cheers,
Manoj. -
Add Authorization field to Authorization Object (BTRTL to P_ORGIN)
Hi,
Could anybody please let me know the steps to add authorization field to an authorization object.
I want to add authorization field (BTRTL) to authorization object (P_ORGIN).
Please suggest..
Thanks is advance!Hai..
Goto SU03- access Class HR -> Object P-ORIGIN-> then check/create the values for the field BTRTL.
For checking authorization Reports, we use command 'AUTHORITY-CHECK OBJECT'. -
Authorization Object Inconsistent
Hi Experts,
Initially I try to add new field into Organizational Levels (i.e.PERSA) using program PFCG_ORGFIELD_CREATE
/ UPGRADE / DELETE and encounter RunTime Error which might cause this issue. Then, I found note that refer me to SU24 to check missing fields in P_ORGINCON and I found field PERSA is missing. I try to add but not able to (perhaps do not know how)
Error Message: 'Authorization default values of transaction PA30 for object P_ORGINCON inconsistent'
Steps to reproduce:
1) Transaction Code: PFCG - create new role
2) Menu Tab: Add transaction Code PA30/PA20 and save.
3) Authorization Tab: click 'Change Authorization Data' button to maintain and you will get the above mentioned error
Appreciate your advice in this matter and million thanks in advance.Hi,
Here is a simple solution:
1. Goto Su24 for the said transaction code.
2. Make P_ORGINCON check indicator to Check from Check/Maintain.
3. Save
4. Again change the P_ORGINCON from Check to Check/Maintain.
5. Save and create a transport request.
You will not see the inconsistency error back.
All the best!!
Regards,
Raghu -
Inconsistencies in P_ORGIN for Transaction code PU00
Hello Gurus,
I am getiing a inconsistancy error in the auth object P_ORGIN when I try to add a tcode PU00 and while going into the authorization tab.
I understand that this need's to be corrected in SU24 for the tcode PU00 and deleting the proposed values and saving the settings then modifying the role and then changing back to the previous authorization values. I checked that the tcode PU00 has these values currently.
P_ORGIN AUTHC M
P_ORGIN AUTHC R
P_ORGIN AUTHC W
P_ORGIN INFTY
P_ORGIN PERSA $PERSA
P_ORGIN PERSG
P_ORGIN PERSK
P_ORGIN SUBTY
P_ORGIN VDSK1 $VDSK1
Please let me know if I need to delete all these values then save the settings and then modify the role. I see that it prompts a workbench request for this changes.
Regard's,
SalmanHi Salman
Yes, you would need to delete the objcet P_ORGIN and add it back with the same values as listed. It will promt you to create a workbench request. Once changes are done you can go to the role in transaction PFCG and authorization tab go to "Expert mode for Profile Generation" and check on "Read old status and merge with new data" to import the changes in the role.
Once the changes are done in the role, generate the role.
Thanks.
Anjan -
Hi,
are the action objects are really required to be created in ESR for configuring scenarios.
when i learned XI, i remember we created scenarios without creating the action objects (that appear under "Process integration scenario" objects in 7.1 ESR)
are there specific advantages of using action objects and Process integration scenario objects. (i am not referring to integration process objects that are definitely required if use bpm)>Gabriela Vasselai wrote
>>It is important to know that when you change (refactor) your interface objects (data type, message type, service interface) or your mapping objects (message mapping, operation mapping), that changes will not automatically update your process integration scenario. You have to take care in all updates to don´t leave process integration scenario inconsistent, updating it also
yes you are right, it seems once you used model configurator for initial creation of ID objects, there would be no issues.
but after that, in ESR, if you edit PIS or action object, i think you need to apply the model configurator again in id.
but after that, in ID, if you manually edit the assigned mappings etc, then the configuration objects become inconsistent wrt PIS.
i think there must be some provision to check the consistency of PIS model.
since PI 7.1 is approaching towards modelling more (atleast as of my knowledge) it will come up with a consistency check functionality of the models. -
LDB PNP authorization check authorization object
Hi,
I have used LDB PNP for HR reports.
We are using the authority check also, but the problem is all the records/data for all the people is being read by the report where some of the people data should not have been read as they belong to some other personal area that the role of the executer (user).
Hence it appears that authorization check is not working properly.
Following is how I am using it, Please suggest corrections or alternate way to correct this issue.
rp-provide-from-last p0002 space gwa_outlist-begda
gwa_outlist-begda.
IF pnp-sw-found NE '1' OR
pnp-sw-auth-skipped-record EQ '1'.
EXIT.
ELSE.
ls_tab-vorna = p0002-vorna.
ls_tab-nachn = p0002-nachn.
ENDIF.
Please reply with the corrections ore alterations,
Thanks in advance.
Akash.Hi,
(1)
Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
(2)
In some case you do not work with LDB report, then you need to do the authority check by yourself. General function AUTHORITY_CHECK is what you need. AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
P_ORGIN HR: Master Data
PLOG Personnel Planning
P_PCLX HR: Clusters
P_TCODE HR: Transaction codes
Sample of checking personal area:
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
FIELD1 = ' PERSA'
OBJECT = 'P_ORGIN'
USER = 'SAPSUPPORT1'
VALUE1 = 'Z001'
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5.
IF SY-SUBRC NE 2.
MESSAGE E001(01) RAISING AUTH_FAILED.
ENDIF.
Reward if helpful pls! -
Authorization Check Failed for HR P_ORGIN on VDSK1
Hi Experts,
We have an issue where an HR secretary is making an address change to an employee via pa30. She is successfully able to save the change with no warning on the screen. However, when we run /nsu53 immediately after, we see that there was an authorization check failed. The check failed is in class HR, object P_ORGIN. The field is VDSK1. We have values defined there, whereas SAP is requesting a *. We do not want to use the *, but the value in VDSK1 is correct and should not be failing.
Anyone ever see this issue before?
Thanks
ShaneHi Shane,
Since the secretary was able to save the record I assume there is no issue with the role. SU53 always shows last failed authorisation check. Even if transaction has been succesful you normally find failed authorisation checks from SU53. In your case I assume that PA30 checks first that if user happens to have P_ORGIN with * value in VDSK1. If not then it checks employees infotype 0001 and organisational key and tries to match that to the value in the role. If you pass this check SU53 will still show failed check where VDSK1=*.
So this is normal behaviour for SU53 and nothing to be worried about. Annoying is when SU53 gives something sill as last check after error. Annoying are SU53 reports from users to add S_DEVELOP with Debug object because programmer has decided to leave break-point to program.
cheers, s -
Custom Authorization Object for HR
Hi,
As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
Your help will be appreciated.
Thanks,
Mandeep VirkHi,
I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
We've ran the report RPUACG00 also which is mentioned in this thread.
We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
but still it is taking the P_ORGIN object. -
Dear All
I am create a single role and I am given the transaction code authorization for example HR Master data
here create one object P_ORGIN here multiple sub object created now I want to those multiple sub object can merge as single sub object.?
Please help us
Sanjay choudhary
Changed HR: Master Data P_ORGIN
Maintained HR: Master Data T-TQ71027600
Authorization level R AUTHC
Infotype 0000, 0001, 0003, 0007, 0050, 2001, INFTY
Personnel Area CORP, ENGG, L&LP PERSA
Employee Group A, B, C, F, P, R PERSG
Employee Subgroup AA, AB, DP, DR, DS, DW, FA, PERSK
Subtype * SUBTY
Organizational Key * VDSK1
Maintained HR: Master Data T-TQ71027602
Authorization level M, R, W AUTHC
Infotype 0000, 0001, 0003, 0007, 0050, 2001, INFTY
Personnel Area CORP, ENGG PERSA
Employee Group A, B, C, F, P, R PERSG
Employee Subgroup AA, AB, DP, DR, DS, DW, FA, PERSK
Subtype ' ' SUBTY
Organizational Key * VDSK1
Changed HR: Master Data T-TQ71027601
Authorization level M, R, W AUTHC
Infotype 0000, 0001, 0003, 0007, 0050, 2001, 2002, INFTY
Personnel Area CORP, ENGG PERSA
Employee Group A, B, C, F, P, R PERSG
Employee Subgroup AA, AB, DP, DR, DS, DW, FA, GT, JP PERSK
Subtype * SUBTY
Organizational Key * VDSK1Hello Sanjay,
you have to merge them manually, as the automatic compression can only merge authorizations, if their status is equal. so authorizationsa as per yourgiven example cannot be compressed automatically as their status is a)changed and b)maintained.
Please refer to note 113290--> C)
b.rgds, Bernhard
Maybe you are looking for
-
I have Windows 7. I was previously using Windows 98 when I set up ITunes and developed a library of music and movies. When I try to log in I keep getting a message stating that am using an older version of Windows and that I need to turn off "compa
-
Multiple database operations in Database Adapter - please help
Hi, I would like to have multiple operation in my database adapter. I drop the database adapter onto the composite.xml and follow the wizard. An adapter with one operation is created. When I click the "Edit" button on it and run the wizard again, all
-
How to upload Unicode encoding files from web?
Hi everyone, I do not manage to upload Unicode encoding CSV files from web. Currently I use class CL_HTMLB_MANAGER to upload file from web. It works fine with ANSI encoding files, but file content is not uploaded correctly with Unicode encoding files
-
Hi I have a Macbook Pro, due to software costs (at time) I also installed Win 7. Everything has gone well, no problems, but now I want to be able to boot up the Mac (as a Mac) but cant firn any option anywhere to help me get back to being a MAc (sou
-
Can't install 3rd party software
I've just done an archive and install of Tiger on my G4 with a NewerTech 2gig CPU. I was able to download and install the update to 10.4.10 without problem. However, now when I try to install anything else, I get the authenticate admin window but it