Org structure authorizations
Hi all,
can anybody have idea, where do we give authorizations for org structure in (PPOMA_CRM) for different levels?
To be clear on my question.
Users will have different views in CIC and authorizations, based on their assignment in org structure at different levels
now where do we give these authorizations and where can i see the existing authorizations at different levels?
Regards
Raj
Hi Raj,
As per my understanding of your requirement,
1. The user assigned to the org unit will see only the CIC profile that is assigned to the org unit and this is done by going to the Organization structure, select Go to -> detail-> detail object and then select the CIC profile in the info type.
So in your case you wanted user A (top level) to create and edit the order, so assign the CIC profile to the top level org unit that has create and edit order profile, so the user assigned to this org unit will be defaulted to the CIC profile assigned.
Similarily follow the same with the other org units and they will only be able to see what they have to do.
2. In case if this is not then there are few authorization objects meant for the Org structure and you can select the object (it ends with _OE, _LP etc.. i donot remember the complete name and you can find this in PFCG by selecting the manual option of selection objects and then using value help, you can find the above authorization objects under the CRM application and you can say that the user can only see the documents that are valid for the org units that you enter in this role and similarily u can control the other org units and restrict the user for them)
Hope it helps and if so please reward points.
Thanks
Srini
Similar Messages
-
CAT2 Org Unit Structural Authorizations - Employees moving to different Org
Hello, everyone -
We currently use structural authorizations to restrict time keepers to only maintain time entries for employees in their org units. If an employee moves to an org unit maintained by a different timekeeper, we want to continue to allow the previous time keeper to maintain entries for the time the employee was in their org.
Example: pernr 1 starts out in org unit X. Org Unit X time entries are maintained by time keeper A. Effective 5/1/2014, pernr 1 moves to org unit Y, whose time entries are maintained by timekeeper B. The standard maintenance data entry profile allows the user to go back 6 weeks. On 5/2/2014, time keeper A tries to enter overtime worked by pernr 1 for his org unit on 4/30/2014. He receives the error "Not authorized to maintain data for personnel number &2 using profile &1".
How do we allow a timekeeper to make entries for any employee who was in any of their org units, even if they're no longer there?
Thanks in advance, and I'll definitely reward points for any helpful answers.
- SteveHi, Rohit -
The actual scenario is that we are set up to move all withdrawn personnel numbers to a pooled "separated" position in a separate org unit. This frees their previous position to be filled by a new hire. It also means that a LOT of personnel numbers are in this org unit, which the time keeper should not have access to.
D. -
We're using a custom function module entered in T77PR to retrieve the organization units that the time keepers should access. Here are the entries in T77PR:
(The "Maint."/Processing Type column is checked for all 3 rows.)
Z_HRLY_TMKPR 1 01 O O_S_P 12 3 ZBC_GET_TKEEPER_ORGS_BY_USER
Z_HRLY_TMKPR 2 01 S O_S_P 12 3 ZBC_GET_TKEEPER_ORGS_BY_USER
Z_HRLY_TMKPR 3 01 P O_S_P 12 3 ZBC_GET_TKEEPER_ORGS_BY_USER
The function module uses a custom evaluation path ZHT that looks like this:
15 * B 008 Holder * S
20 S B ZHT Hourly Timekeeper * O
30 US A 208 Is identical to * P
I'm not sure what you'd like to see related to the profile... Is there a way to configure the CAT2 logic to allow a user to maintain a personnel number who is in the org for at least part of the time that the employee was in an organization that the user is authorized to maintain?
Thanks again,
- Steve -
Error Occured when Applying Structural Authorizations in E-Recruitment
Dear Experts,
The E-Recruitment functionalities were working fine when no structural authorizations are applied. However, when structural authorizations are configured for the user on the backend SAP system (I configured structural authorizations for the user to have access to only his own department), the E-Recruitment module does not work.
When I tried to access requisitions-> maintenace, application management->applications, etc, (i.e. when the E-Recruitment module tries to retrieve data from the backend), the the following error message occurred.
Error when processing your request
What has happened?
The URL http://<hostname>:<port>/sap/bc/bsp/sap/hrrcf_start_int/application.do was not called due to an error.
Note
The following error text was processed in the system ABC : <b>RAISE EVENT statement nested to deep.</b> The error occurred on the application server XYZ and in the work process 0 .
The termination type was: RABAX_STATE
The ABAP call stack was:
Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
Method: GET_RECORDS_BY_DATE of program CL_HRRCF_INFOTYPE=============CP
Method: ON_REQUISITION_UPDATE of program CL_HRRCF_REQUI_BL=============CP
Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
Please advice if E-Recruitment supports structural authorizations. If it does, are there additional configuration required to enable structural authorization. Kindly enlighten me on how to resolve this error. Any help will be much appreciated.Hello Louis,
I implemented e-recruiting with structural authorizations for a customer and encountered exactly the same error. Anything in the e-recruiting implementation leads to this problem. When you miss some object authorizations the implementation generates an infinite callstack which results in this short dump.
So be sure you assigned all necessary objects to recruiters and also candidates (NA, NB, NC, ND, NE, NF, BP, CP, P, Q, QK, VA, VB, VC) but this might be difficult esp. with the P object, when you use structural authorizations for other purposes, too. This usually generates problems in manager involvement (e.g. manager can't choose a recruiter to approve his requisition as he has not the structural authorization for the hr department members).
It is also a bit strange that candidates need for example change rights for the requisition (NB) although they won't actually change it but without it the relation application->requisition, candidacy->requsition cannot be created correctly.
Last but not least be always sure that you refreshed the authorization buffers after changing structural authorizations. They are usually switched on for better performance.
Best regards
Roman Weise
PS: be aware that using structural authorizations will keep you busy for some time. we needed ~2 months to set up the system in a way that e-recruiting worked as the custoimer wanted without interfering any other productive hr component (admin, org. mgmnt., managers desktop). -
R/3 reports related to structural authorization
Can anyone advise which standard reports/transcation codes in R/3 relate to structural authorization? are some better than others? I am interested in viewing allowable objects etc,.
Thank you,
MeghanHi Jim,
As you have mentioned you have worked a lot on structural authorizations,
I would request you to kindly help us on the below mentioned scenerio..
Issue : (Scenario)
C directly reports to B, and B Reports to A.
In the above scenario we have logged as B and did the compensation planning for C. A is the approver for the Cs compensation planning.
As C is HOD for HR Org unit. He will submit compensation plans of his subordinates to B for approval. That means B has to have approval authorization for Cs subordinates and he should not have approval authorization for his direct reporting employees.
In our scenario, B is able to perform the compensation planning as well as able to approve the same for his direct reporting employees. This shouldnt happen in our process.
How can achieve this, Please advice
Regards
Raghav -
Context sensitive solution for Structural authorization
Dear all,
I would like to know whether new relationship, evaluation path and authorization profile has to be created for each role with context sensitive structural authorization ?
In T77UA table, each user has assigned a profile which tells the system how to find the structure by evaluation path (in T77PR table). Then in tranx OOAW, the evaluation path indicate how to build the structure by series of relationship, and this way we have to create new relationship for each role with context.
Am i correct ?
If an organization has many roles, then many relationship, evaluation path, profile.. has to be created !
Thanks for your help !
patrick cheungHi Chandra,
Thanks for your prompt reply !
This is for <u>Context Sensitive</u> solution, <b>not</b> the normal structural authorization:
Yes, if you add the authorization object P_ORGINCON in PFCG, you will notice that the field "<b>Authorization Profile</b>" has to be entered which tells the system <i>WHICH ORG STRUCTURE</i> does this authorization are refering to...
In table T77PR, instead of hardcoding the organization unit in the object ID field, we use Evaluation path to tell the system how to find the org structure for employees. Function RH_GET_MANAGER_ASSIGNMENT will return the org unit ID for the evaluation path.
In transaction OOAW, the said evaluation path specified the relationships which the system should use to draw the org structure of the employee's supervision... and there should be relationship like "<b>Is managed by</b>", may be as follows:
O B 002 Is line supervisor of * O
O A 011 Cost center asignmnt * K
O B 003 Incorporates * S
O B 012 <b>Is managed by...</b> * S
Up to now.... if you want to assign authorization to someone as follows, you could not simply maintain the same relationship "<b>Is managed by</b>" to Org Structure A and B because this will confuse the system as to which org structure you want the employee to maintain infotype 7 or 14/15. You should then create different relationships and maintain them to Org Structure A and B. And tell the system how to find the structure from the Evaluation path, which is stick to the Auth. profile. The Auth. profile is then maintain in the Context sensitive master data object P_ORGINCON !
(1)
Org Structure A
Maintain only infotype 7
(2)
Org Structure B
Maintain only infotype 14, 15
So... that's why i said if an employee has many role to perform duties in many different Org Structures (e.g. A, B, C...etc), you would create many relationship...
Hope this message will give idea to someone who intend to implement Context Sensitive Solution. -
Hello Friends,
I am trying to get concept of HR structural authorization. I have read the document " Structural Authorizations Step by Step, with Gotchas Too by Norm and Carl". After reading this document, what i have understood is In Structural authorization, we create PD profile eg: Manager, employee, ALL etc via transaction OOSP. And after that you assigned these profile to position via report RHPROFL0 or manually via transaction OOSB.
But what i am not able to understand is
1.How do this profile Manger, Employee etc will work? How do Users get authorization. What types of activities Uses are able to perform? What type of data user will have acess to? Do users get authorization to transaction like PA20 or you still need additional role that is created via PFCG.
2. What my understanding is Users who are in the top Hierarchal nodes or structure (eg: manager) is able to access data of employee below him. Do we still need to create roles like MSS and ESS role via transaction PFCG?
If somebody can clarify, I will really appreciate.Hello Mate,
Have a loook at this thread, this may help .
Re: How to Restrict HR Org Structure from other Org Structures
Regards,
Regi -
HR-Structural Authorization-AUTSW ORGPD switch
Hi All,
We are facing an issue with our structural authorization.
Our HR user are unable to view details of the employee who is been terminated in PA20.
Background:
1)The user is terminated on 10/2009
2)when the user was terminated he was assigned to the org unit 10.
3)Later the org unit 10 also got inactive.like it is not in the org structure anymore this is from 02/2010.
4)From 02/2010 on HR users are unable to view the employee details (who is terminated and belongs to an inactive org structure) in PA20
Analysis:
1) When we see in the OOSB Information the HR user is not having authorization to view this org unit from the time it is moved out of org structure.I.e 02/2010.The endda is showing 02/2010 against the org unit in structural access of the Hr user.
2)Other observation is that after HR users give PA20 we have taken su53 and it shows taht P_ORGINCON missing authorization for D,infotype 0000,subtype termination.
3)we have done testing in Dev by changing AUTSW-ORGPD switch to 3 still no use.
4)We did AUTSW-DFCON to 3 as we ahve context authorization also it also did not work.With DFCON 4 it is working but HR users are able to view not only their counry employee but also other country employees org assignmnet in PA20 which not acceptable.
Requirement:
HR users should be able to view terminated employees with org assignment(IT 0001) but that org unit is not in validity date(i.e A 002 for org unit is delimited) .
Any suggestions or ideas to handle the terminated employees in the delimited orgunit will be of great help...
Regards,
Vani.Hi,
We are using DFCON = 4 and it is working for us. Try this way. If the user terminate then fill the Org Key in IT0001 with some Value YYY and then use this value in P_ORGINCON Filed Value VDSK1 = YYY and also PA restriction.
Or Write a FM to get the terminate pernr to users structure and use the Context it may work. -
SAP HR Structural Authorizations
Hi Experts,
I need a help regarding SAP HR Structural Authorizations.
Currently our HR System is set with structural authorizations were in
users will be accessing HR Org structure with different pd-profile and HR relationships (with Org units ex:
assistant relation, manager relation).
Now we want to design the roles based on company codes, where users should be able to see
all organization units within company code 'xyz'.
Do we need to create new pd-profile or new HR relationships or just restrict within existing HR roles for
accessing organizations units within different company codes.
Please guide me steps to proceed with this requirement?
Your early response is highly appreciated, thanks in advance......You will need to talk to the HR folks about this and whether any employee grouping on the HR side matches a company code unit on the FI side to use in the authorizations.
This means that HR data and processes are also aligned to finance processes, which was often the case with local HR systems but less so with global ones.
The answer is on your side in the data and the processes. There is no single field which you can use for both, let alone an org. level field known to structural authorizations.
Cheers
Julius -
Hi guys,
I don't have structure authorization implemented or HR system implemented. I was playing with my sandbox system to learn structure authorization by using step by step tutorial. After I created a structure authorization for two users I deleted everything related to structure authorization but unfortunately, some t-codes related to org chart for example PPOME, PPOMW are not working properly, its not allowing to create new org char.
We have another team needs to create some org chart for prototyping but they can't create org chart its giving no authorization error when I ran SU53 it's not giving regular auth error its also give failed HR structure authorization error, this is the error in su53 coming (Date 10/01/2010 and time Plan version 01 Object ID 5000075 Action LISD) there are so many different object ID on the list.
They all already have SAP_ALL in the system. Can anybody give some kind of report so I remove structure authorization completely from the system.
Please help
ThanksStructural Authorization Check
Structural authorizations are used to grant access to view information for personnel where HR OM has been implemented as we stated. The Access is granted to a user implicitly by the useru2019s position on the organizational plan.
On top of the general authorization check, which is based on authorization objects, you can define additional authorizations by hierarchical structures.
In each area, the combination of start object and [Evaluation Path|http://help.sap.com/saphelp_erp60_sp/helpdata/en/35/26c256afab52b9e10000009b38f974/content.htm] from an existing structure returns a specific number of objects. This exact combination, in other words the number of objects returned by this combination, represents a useru2019s [Structural profile|http://help.sap.com/saphelp_erp60_sp/helpdata/en/0c/49ba3b3bf00152e10000000a114084/content.htm]. So structural authorization check is therefore based on a Dynamic concept: The concrete objects that are returned by a structural profile change as the structure (under the start object) changes.
Steps to Perform to Set Up Structural Authorization Check in brief:
(Before start moving for str. auth profile it is assumed that the Switch AUTSW for HR General Authorization check is also activated in table T77S0. Structural Authorization won't give the access for accessing HR data as described in the last posts and works together with General Authorization - to remind you)
1. Integration: Control parameters for the integration of Personnel Planning and Development (PD) with other applications (such as Personnel Administration (PA) and Cost Accounting (CO), etc.) are specified in the "PLOGI" group.
2. Turn on PD PA switch: TCode used is OOPS. Ensure value registered for PLOGI u2013 ORGA is X. No other values need to be checked or changed.
(Note: PD and PA sub modules of HR are not configured to share data by default in the SAP delivered system. This switch must be on for data to flow between both modules.)
3. Turn on Structural Authorizations Main Switches : TCode is OOAC. Value for ORGPD is set to 1.
4. Create Org. Plan (check the first post).
(Note: Do not create your Organizational Plan without this switch on. If you do, structural authorizations will not work and some org and infotype setup will not work. You cannot turn the switch on and get structural authorizations on an organizational plan, that was created while it was off, to work..)
5. Create Personnel Master Record: Tcode is PA40. This is time consuming staff.
6. Create record for Infotype 0105 - TCode is PA30.
7. Create Structural Authorization Profiles u2013 TCode = OOSP
8. Create entry for IT 1017 - TCode is PO10 (Organizational Unit) or PO13 (Position).
9. Assignment of Structural Authorizations: The assignment of the Structural Authorization can be found with good details here in [SAP Help|http://help.sap.com/saphelp_erp60_sp/helpdata/en/97/27973b3ea3eb0fe10000000a114084/frameset.htm].
Please check and let us know for any query.
Regards,
Dipanjan -
Agent Determination with Org Structure without HR
We are currently on SAP 4.7 without the HR component. Our tech area would really like us to implement our first workflow where agent assignment is determined from an org plan. This workflow is a very simple workflow and actually only involves 2 people (one clerk and one manager).
If I build a very simple structure for this particular department, how easy is it to add on additional levels, both higher or lower, at a later date that will accomodate future workflows without effecting the existing one?
Thoughts?Thank you Ramki and Sivarajendren,
I guess I'm still struggling with the best way to determine agent assignment given our circumstances (no HR) and the simplicity of this workflow. (Recap of workflow - investigation and approval of corp refunds done by person # 1. If refund > $500, needs approval from person #2).
The tech area wants me to create a simple org plan but not assign any users to it and then transport it all clients. Then in each client, we can assign users which would accomodate our testing with different id's than in prod. The workflow would then assign to a position not a userid. The advantage is that when people leave, the org plan must be maintained not the workflow.
I've thought about using responsibility rules but ultimately, you are assigning a userid to a rule which still needs maintenance if a user leaves.
I've also thought about using activity groups but the way we use them at our location isn't appropriate in this circumstance. Our activity groups are so broad it would give too many people access to workflows.
Lastly, I've thought about creating a custom Z table with the userid's in it and calling a function module to determine agent assignment. This actually sounds intriguing but again, someone would need to maintain the userid's in the table. Also, what's the best kind of key for the table - taskid?
One of our dilema's is that IT management does not want to give anyone authorization to change a WF templete in prod. So I must create the WF templete with the correct assignment in our dev system and then transport it to our prod system.
Then there's the whole issue about who will be doing any maintenance. Since we don't have an HR component at this time (hopefully sometime in the next 5 years), HR won't maintain an org structure.
See how complicated this is becoming? I'd appreciate any insight.
Joanne -
Integrate HR org structure and CUA?
We are considering a new design for our authorization management on our production ECC 6.0 system.
There will be 2 productive ECC 6.0 systems; which system you use will depend on your global location. We currently utilize the HR org structure to assist us with provisioning and deprovisioning accounts on our durrent single ECC 6.0 instance, and we hang composite roles off of positions in the org structure, so that a fair amount of authorization management is automated.
If we were to put a CUA client over the two productive ECC 6.0 clients, how might that be integrated with the HR organizational model? Does CUA integrate well with an org structure? Any experiences with this would be helpful.Hi Mary,
Firstly, are the org structures in the two ECC clients identical - in sync with each other?
If the org structures are different then it would limit the options that you would have:
- CUA client would simply be used for the provisioning of the user id
- The role to position allocation would still take place locally in each of the ECC clients
- You would have to maintain the 105 relationships locally in the ECC clients
- You would have to set the role maintenance option in SCUM to local maintenance
If the org structure is the same on both ECC clients, then it would provide you with some additional options:
Option 1 - use the approach described above to allow for local maintenance
Option 2 - ALE the org structure to the CUA client, then allocate the composite roles to the positions on the org structure and maintain the 105 relationship on the CUA client.
- the roles will then be distributed to the correct child system when the org recon is run
Option 3 - Use one of the ECC systems as the CUA client (Which we are busy implementing at the moment)
I'm using my ECC system as my central CUA for the production system, I know that many people would disagree with this due to upgrade requirements and all the rest. However in the Netweaver environment the ECC client is typically on the highest basis release, which caters for the CUA requirement and CUA is far more stable these days which reduces the risk. The other reason we have chosen this route is also the capacity of the ECC production system which is suitable.
Also the HRORG is maintained on the same system, therefore less ALE requirements to move the org structure between systems etc. In the landscape we currently have BI and Portal, future applications/modules include ESS, MSS, APO and SEM.
To achieve the solution I create all roles for all applications in the landscape, in the ECC client - for non-ECC roles the role definition is only role name and description (the correct authorisations are then maintained in the relevant child system). These are then distributed via RFC to the various child systems, it requires a couple of small changes but does work fine. All roles are then inlcuded into a composite role, regardless of which child system the role belongs to. The composite role is then allocated to the position in the HR org and once the HR recon is run, the role allocations are distributed to the correct child system. An example of a Line Manager Composite role would include:
- HR Line Manager (ECC Client)
- Cost Centre Manager (ECC Client)
- BW Line Manager Menu role (Portal)
- BW Line Manager Data role (BI client)
- Purchasing Approval (ECC Client)
I'm not sure if this has helped you, but in short the CUA integration with HRORG does work reasonably well and depending on the approach you choose it could affect the amount of maintenance that takes place. Just remember that the structural profile allocations would always take place locally on the ECC clients and only the role allocations can be managed from the CUA.
Regards
Sujeet -
HR Replication - only part of org structure needed in SRM - excess IDOC's
Dear peers,
we are running HR-ALE to replicate HR master data from a separate HR system (ECC 6) into the ERP system (ECC 6, with SRM as add-on).
Only a part of the organizational structure is needed in SRM, this O-unit is specified in PFAL for initial replication. Delta replication is setup through change pointers - as recommended by SAP.
Unfortunately change pointers are generated for the complete org structure, not just for the org part we are replicating into SRM. This results in a lot of IDOC's that go into error because of missing and irrelevant data.
What can we do to avoid generating IDOC's that are not needed?
> continue with the change pointers, and filter out non-relevant data via user exit on outbound side
> switch off change pointers, and schedule PFAL in update mode instead
> perhaps the root org structure can be specified in the ALE distribution model filter as well so IDOC's generated from change pointers take this into account
Thanks for your point of view on this topic
Cheers, LindaHi Linda,
In our project SAP is the single point of truth. So we are not stopping any replication pertaining to postion and organization unit in SRM as well as CRM from SAP.
Having said that user is assgined to postion and user has role. As a results if any user doesn't have any role related to SRM and CRM , user will not be replicated. In that case those user deosn't have any authorization to access the SRM systems though their postion and organization unit may be avaialble in SRM.
otherwise : switch off change pointers, and schedule PFAL in update mode instead
This will be simplest methods
Regards
Dayal -
Control Workflow Report output using Structural Authorization
Is it possible to control output of Workflow Reports using Structural Authorizatins. E.g. Workflow Admins having access to tcode SWi2_FREQ will be able to see project wide data, but i want to restrict the workflow admins at department level from seeing workflow data for other departments. is that possible using Structural authorizations or any other mechanism?
My understanding is that Structural authorizations pretty much control PA/PD, and not other modules. I did a quick test,
1) Created a org structure
2) Created employees, users, and set up structural authorizations
Now when users are granted authorization to PA20, they are restricted to what they should be seeing, but when they are granted authorization for workflow admin reports, structural authorization don't seem to work, they are able to see data for workflow triggered for other departments as well. Is that the standard behavior or i am missing something. I don't have enough experience with Structural auth.
I will appreciate any guidance on this matter.
Thanks,
SaurabhArghadip, please explain how this will prevent someone from Norway from looking at the workflow log of a workflow for an employee belonging to the Danish part of the organisation.
<i>Message was edited by Kjetil Kilhavn:</i>
To explain a bit more in detail: how does this prevent me (Norwegian) from going into SWI1, SWIA or any other transaction, and looking at data from other parts of the organisation. I don't think it will work.
I think the only way to achieve this is to either modify SAP's standard code and include some structural authorisation checks - or take the standard transactions out from every user role and create your own wrappers or program copies which basically does the same as the modification would have to do. -
ESS - Managers can view current salaries on old org structure
Hi,
I have a problem in SAP MDT and am hoping for some help. A manager can change the date range in MDT to view historical organisational structures and data... My problem is that managers can view old organisational structures with up to date personal details by using date ranges such as 01.04.2007 - 27.07.2009!
This means that managers can view their old colleagues current salaries by changing and expanding the date range...
Does anybody know the best method of fixing this? I know that the original problem is due to poor maintenance of the org structure, however this may be the case for several departments...
Thanks!Euan :
You can implement structural authorization, and assign managers to authorization profiles with peridod set to 'D' (Key Date) to resolve this issue.
Rgds. -
Structural Authorization: Difference Between AUTSW-DFCON and AUTSW-ORGPD?
Dear All,
Can anyone explain to me the difference between AUTSW-DFCON and AUTSW-ORGPD in tbale T77S0?
And what is the relationship between these two switches?
Thanks!!HI Mr. potato,
working off dilek's informative post you may be considering ? context vs non-context?
this image explains how context problems arise in HCM. http://help.sap.com/saphelp_470/helpdata/en/b3/bfb83b5b831f3be10000000a114084/content.htm
I would say generally, when an organization decides to use structural authorizations, they also need to take into account a "context solution". This is most frequently used to "lockdown" how different parts of the HR organization has different authority access to different groups of employees (potentially overlapping). As an HR manager i might have full read access on IT0002 for the entire company (root org), but IT0008 view access only for a sub-org unit.
in this case you need to use the DFCON switch. the 'most restrictive setting for dfcon is value 2. the most iberal setting is, 4. Generally, you need to test all 4 to figure out what works for you.
settings for dfcon:
http://help.sap.com/saphelp_470/helpdata/en/56/db5bc71a64c94f9f2e3cb63e14c867/content.htm
Maybe you are looking for
-
How do I extract multiple tracks from a CD into a single file in Audition CS6?
I use Audition to edit my Pastor's messages. The message CD is made with five minute tracks. I want to extract the tracks from the CD into a single file for editing and altering the track lengths. I have done this before in Audition CS6, but I haven'
-
Using the Mac with windows for document imaging business is it practical?
I have incorporated my business in my state and the premise is to perform document imaging services. The problem though is alot of recommendations from windows people telling me its not practical to enter this arena using a windows xp on a mac and it
-
ITunes folder not visible in My Music folder and no B through Z files are visible either.
Last month, my iTunes program became corrupted and non-functional. The iTunes uninstaller didn't function either. I was able to manually remove and reintall iTunes. iTunes can access and show all my music files, but when looking at the My Music fo
-
I am making an interactive report/presentation that I would like to have the page numbers automatically inserted. I usually name my markers by the chapters that they are in (ie cooking page 1 would be C1). Being lazy by nature I would rather not manu
-
Has anyone worked with Item Numbers when creating a form?
I have two Adobe forms, one for an application fee of $20 and one for an orientation fee of $20. I need to be able to distinguish between the two when in PayPal. I was told by PayPal support that I could add a unique item number when setting up an ad