P_ORGIN

Similar Messages

• How to delimitate the authorization on BI based on HR auth. object P_ORGIN

  Hi all,
  I need to insert in my BI role one authorization object to delimitate the view of data in the report (data are extracted from and SAP HR system) based on Personnel Area. On the HR system I have the authorization Object P_ORGIN that can be filled inside the roles for what concerns the value of  Personnel Area.
  How can I apply the same limitation inside the BI role?
  Many Thanks,
  Valentina

  Hi,
  R u using any other roles . If yes then open that roles and add object p_origin .It should work.
  Regards
  Nilesh

• Authorization Check Failed for HR P_ORGIN on VDSK1

  Hi Experts,
  We have an issue where an HR secretary is making an address change to an employee via pa30.  She is successfully able to save the change with no warning on the screen.  However, when we run /nsu53 immediately after, we see that there was an authorization check failed.  The check failed is in class HR, object P_ORGIN.  The field is VDSK1.  We have values defined there, whereas SAP is requesting a *.  We do not want to use the *, but the value in VDSK1 is correct and should not be failing.
  Anyone ever see this issue before?
  Thanks
  Shane

  Hi Shane,
  Since the secretary was able to save the record I assume there is no issue with the role. SU53 always shows last failed authorisation check. Even if transaction has been succesful you normally find failed authorisation checks from SU53. In your case I assume that PA30 checks first that if user happens to have P_ORGIN with * value in VDSK1. If not then it checks employees infotype 0001 and organisational key and tries to match that to the value in the role. If you pass this check SU53 will still show failed check where VDSK1=*.
  So this is normal behaviour for SU53 and nothing to be worried about. Annoying is when SU53 gives something sill as last check after error. Annoying are SU53 reports from users to add S_DEVELOP with Debug object because programmer has decided to leave break-point to program.
  cheers, s

• HR Authorization : Custom Authorization Object  for P_ORGIN

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  but still it is taking the P_ORGIN object

  Online Help
  <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

• Error "Inconsistancy in the auth object P_ORGIN"

  Hello Gurus,
  I have to add a tcode which involves auth object P_ORGIN. When I add the tcode and go to authorization tab then it gives the error as "Inconsistancy in the auth object P_Orgin"
  Please let me know how should I add the tcode now. Thank you !
  Regards,
  MA

  PLease provide tcode
  The reason why the profile generator cannot correctly insert the
  default values of these transactions is due to a data inconsistency in
  table USOBT_C (default values for customers). The table does not
  contain an entry for field BTRTL of authorization object P_Orgin.
  You can immediately correct the incomplete data in your customer table
  USOBT_C using the following steps:
  Step 1 Execute transaction SU24
  Step 2 Enter the transaction affected by this error ie XXXX
  Step 3 "Change check indicator" (F6) in the application toolbar.
  Step 4 With "Display field values" (F7) you check the default values of
  P_Orgin. Please document the values.
  Step 5 Go back to the previous screen and set the check indicator from
  "Check/maintain" to "Check" for P_Orgin.
  Step 6 Set the indicator for P_Orgin back to "Check/maintain".
  Step 7 Choose the function "Change field values" (F6) and insert the
  formerly documented values for AUTHC in object P_Orgin.
  Now you see also the field BTRTL being presented.
  Save the changes.
  Repeat steps 3-7 for each of the transactions affected.
  Hope you are clear with the steps.
  Thanks,
  Prasant
  Edited by: Prasant K Paichha on Mar 3, 2010 3:01 PM

• Add Authorization field to Authorization Object (BTRTL to P_ORGIN)

  Hi,
  Could anybody please let me know the steps to add authorization field to an authorization object.
  I want to add authorization field (BTRTL) to authorization object (P_ORGIN).
  Please suggest..
  Thanks is advance!

  Hai..
  Goto SU03- access Class HR -> Object P-ORIGIN-> then check/create the values for the field BTRTL.
  For checking authorization Reports, we use command 'AUTHORITY-CHECK OBJECT'.

• Restrict user on custom report by using P_orgin

  Hi
  I have a requirement of restricting the view of a custom HR report based on Personnel Area(PERSA). I am using the standard authorization object "P_ORGIN" and  call the following in my code, still I am not being able to restrict the view of the report based on PERSA.
  The test user id created has the role rest
      CALL METHOD zyclmdmim_authority_chk=>zyxapm_authority_check
        EXPORTING
          infty = '0001'
          authc = 'R'
          persa = '0684'
        EXCEPTIONS
          noauthorization = 1
          OTHERS          = 2.
  method zyxapm_authority_check.
    authority-check object 'P_ORGIN'
    id 'INFTY' field infty
    id 'AUTHC' field authc
    id 'PERSA' field persa.
    if sy-subrc <> 0.
      raise noauthorization.
    endif.
  endmethod.
  Regards
  Swarnali
  Edited by: swarnali_IBM on Jan 28, 2012 9:10 AM

  Hi Swarnali
  You can use codee below
  CALL METHOD zyclmdmim_authority_chk=>zyxapm_authority_check
        EXPORTING
          infty = '0001'
          authc = 'R'
          persa = '0684'
        EXCEPTIONS
          noauthorization = 1
          OTHERS          = 2.
  method zyxapm_authority_check.
    authority-check object 'P_ORGIN'
    id 'INFTY' field infty
    id 'AUTHC' field authc
    id 'PERSA' field persa.
    if sy-subrc NE  0.
      raise noauthorization.
    endif.
  endmethod.

• Is there a BAPI for updating hundreds of HR roles (P_ORGIN)?

  I need for hundreds of HR roles that have P_ORGIN auth. object to copy the P_ORGIN object to P_ORGINCON object.
  As PFCG is an enjoy SAP tx, I cannot do BDC and I am wondering if there is a BAPI to do this process.
  Thanks.

  Hi Nadine,
  did you get an answer on this as yet? We will be having the same tedious task.
  Regards Dries

• Bypass P_orgin auth check for standard MSS reporting

  Hi SAPers,
  on my HR system, I have 2 types of users : ESS/MSS users (via portal) and backend users (via sapgui).
  ESS/MSS role does not contain any P_ORGIN authorization because it should be added to their authorizations if they are also backend users.
  The problem is coming from standard MSS reports : the "time statement overview" among other report needs P_ORGIN (IT 0, 1, 2, 7, 8, ...) !
  Is there a way to bypass the standard authorization check for MSS reports ?
  Thanks in advance,
  Olivier.

  >
  Olivier TACA wrote:
  > Example :
  >
  > Portal Role for ESS user contains P_ORGIN for IT 0006 (Address)
  >
  > Backend Role for backend user contains P_ORGIN for IT 0002 (Personal data) ... and S_TCODE for PA30 of course.
  >
  > The backend user, who is also an ESS user, can manage IT 0006, which is not foreseen in the backend role.
  >
  > I use P_PERNR for the portal role to manage access to infotype.
  I see two issues here:
  1. ESS is NOT setup correctly.
  - You don't need P_ORGIN for ESS.  You only need P_PERNR.  The trace might even show an error looking for P_ORGIN but you do not need it.  This is an example of a role I have using ESS services for addresses.  I don't have P_ORGIN, P_ORGINCON or P_ORIGXXCON.  Do NOT use PA30, for ESS, that is very dangerous.  The ESS services can be added to a role and should be use for ESS.
  Here is an example of what I have:
  Manually   HR: Master Data - Personnel Number Check                     P_PERNR
  Manually   Address Change - Permanent and Emergency
       Authorization level            D, E, M, S, W                                                               AUTHC
       Infotype                       0006                                                                        INFTY
       Interpretation of assigned per I                                                                           PSIGN
       Subtype                        *                                                                           SUBTY
  2. MSS - I can't find the service for the report you are looking for.  If you provide the MSS service I can run some traces and probably help you isolate your problem.  Example of an MSS service (sap.com/mss~pla/PlanningPrimaryCosts).
  I hope I didn't sound too harsh; I am just trying to help.
  Regards,
  -John N.
  Edited by: John Navarro on Aug 5, 2008 5:46 PM

• Inconsistencies in P_ORGIN for Transaction code PU00

  Hello Gurus,
  I am getiing a inconsistancy error in the auth object P_ORGIN when I try to add a tcode PU00 and while going into the authorization tab.
  I understand that this need's to be corrected in SU24 for the tcode PU00 and deleting the proposed values and saving the settings then modifying the role and then changing back to the previous authorization values. I checked that the tcode PU00 has these values currently.
  P_ORGIN     AUTHC     M
  P_ORGIN     AUTHC     R
  P_ORGIN     AUTHC     W
  P_ORGIN     INFTY     
  P_ORGIN     PERSA     $PERSA
  P_ORGIN     PERSG     
  P_ORGIN     PERSK     
  P_ORGIN     SUBTY     
  P_ORGIN     VDSK1     $VDSK1
  Please let me know if I need to delete all these values then save the settings and then modify the role. I see that it prompts a workbench request for this changes.
  Regard's,
  Salman

  Hi Salman
  Yes, you would need to delete the objcet P_ORGIN and add it back with the same values as listed. It will promt you to create a workbench request. Once changes are done you can go to the role in transaction PFCG and authorization tab go to "Expert mode for Profile Generation" and check on "Read old status and merge with new data" to import the changes in the role.
  Once the changes are done in the role, generate the role.
  Thanks.
  Anjan

• PT60 the field Personnel Area( PERSA ) of the authorization object P_ORGIN

  Hi,
  When running transaction PT60 the field Personnel Area( PERSA ) of the authorization object P_ORGIN is not checked.
  I have run SU24 ,the objects are there with chech indicator of authorization object = "CHECK".
  What can I do about it ? Is there any note to fix this ?
  thanks!
  Olivia Yang

  Hi,
  In object P_ORGIN what you need to check for authorisation is it on Personnel area or PSA.Actually we have org.key for authorisation which is define in P_ORGIN.If you can define org. key as PA/PSA/EG/ESG you can check the authorisation for specific users.
  Regards,
  Snita

• Object P_ORGIN inconsistent

  Hi all,
  I have created a new Role and inserted the Tcode OOOE in the menu tab and when click on change authorization data in Authorization tab it pops up with an error message
  “Authorization default values of transaction OOOE for object P_ORGIN inconsistent”.
  Message no. 5 @ 015
  Diagnosis
  The authorization fields included in authorization default values are incomplete or incorrect
  System Response
  The action is terminated to avoid inconsistent authorization data
  Procedure
  In transaction SU24, modify the authorization default values in object definition from transaction SU21, and repeat the action.
  I have checked the values of P_ORGIN using SU21 & SU24 and they have default values.  How to make the P_ORGIN object consistent?
  Thanks in Advance
  Ravi

  Result of a test in 4.6C and 4.7 system (with up-to-date support package):
  The PFCG loads the merged authorization proposals for S_TCODE, PLOG, P_ORGIN and P_TCODE according to the SU24 data for the parameter transaction OOOE and the 'master' transaction PPOM. -> It seems that you have a special problem in your system.
  I assume that you have the same problem if you add transactopn PPOM inte a role, because the systems loads these authorization proposals.
  The PFCG shows the message if there is an inconsistency between authorization proposals in table USOBT_C and the definition of an authorization object in table TOBJ
  My suggestion: Use SU24 to delete the authorization proposals for transaction PPOM, save it and add them again.
  P_ORGIN   
  AUTHC      *
  INFTY      0000 0001 0002 0003
  PERSA      <empty>
  PERSG      <empty>
  PERSK      <empty>
  SUBTY      *
  VDSK1      <empty>
  Please check note <a href="https://service.sap.com/sap/support/notes/745655">745655</a>, too, which might be applicable.
  Kind regards
  Frank Buchholz

• P_ORGIN object - converting VDSK1  field to Organizational Level field

  Hi there,
  SAP ECC 6.0  SAP_BASIS     701     0007     SAPKB70107     SAP Basis Component
  Looking for input on changind the VDSK1 field in P_ORGIN object to Organizational Level field to use Role Master and subroles(derived) concept. We currently maintain a separate role for each set of Cost Centers and infotypes. On occasion the infotypes
  change but means a great deal of manual changes for each P_ORGIN defined role. Our approach is all within the P_ORGIN object - no structural auth in place. Any input or experience appreciated.  We separate the functional part of the HR acess in one role tcodes/other objects and separate the master data access p_orgin in another role - which is different for each user.
  Thanks !

  Dan,
  I hope you already heard about PFCG_ORGFIELD_CREATE, using this we can convert auth field into a org field.
  There are snotes aswell on this. Please do a search in SMP.
  Thanks,
  Brahmeshwar.

• P_ORGIN and P_ORGXX?

  Guru's
  What are P_ORGIN and P_ORGXX?
  Thanks,
  Harish

  Hi ,
  These 2 are the authorisation objects ,
  P_ORGIN consisting of fields
  AUTHC     Authorization level
  INFTY     Infotype
  PERSA     Personnel Area
  PERSG     Employee Group
  PERSK     Employee Subgroup
  SUBTY     Subtype
  VDSK1     Organizational Key
    and
  P_ORGXX consisting of fields
  AUTHC     Authorization level
  INFTY     Infotype
  SACHA     Payroll Administrator
  SACHP     Administrator for HR Master Data
  SACHZ     Administrator for Time Recording
  SBMOD     Administrator Group
  SUBTY     Subtype
  Once these are provided to the user , he/ she can access the data accordingly .
  Let us take for example there is a role maintained for a user
  THis is how it looks for a user in SU01
        Standard   Cross-application Authorization Objects
        Standard   Transaction Code Check at Transaction Start
        Standard   Transaction Code Check at Transaction Start
                Transaction Code               PA51, ZPTR0011
                Changed    Human Resources
                Changed    HR: Master Data
                Changed    HR: Master Data
                  Authorization level            R
                  Infotype                           2006, 2007
                  Personnel Area                 HYD, BGL
                  Employee Group               *
                  Employee Subgroup           *
                  Subtype                            *
                  Organizational Key             *
       Inactiv     Standard   HR: Clusters
       Inactiv     Standard   HR: Master Data - Personnel Number Check
  Now this employee is capable of looking into data from 2 personal areas  HYD and BGL only .
  Also if this being maintained can be used in the custom reports(Z-report) as well for restricting the data according to locations .
  Hope this helps .
  Regards
  SureshP

• Relation into P_ORGIN and INFOTYPE 105 SUBTYPE 0001

  Hello, at the moment I have a problem, I add the user's name in the infotipo 105 and subtype 0001 but this cause that the user can see his data in the infotipo 0001, when at level of P_ORGIN one has specified that alone he can see personal to his position by means of the organizational key.
  Does this infotipo have some precedence on the P_ORGIN?

  when at level of P_ORGIN one has specified that alone he can see personal to his position by means of the organizational key.
  At VSK1 level
  P_ORGIN
  INFTY   - Info type
  SUBTY
  AUTHC- Authorization Level
  PERSA u2013 Personnel area
  PERSG u2013 Employee group
  PERSK- Employee sub group
  VDSK1- Org Key