PNP LDP Authorization

Hello All,
I am using PNP LDP on my report, the authorization are skipping some personnel numbers saying insufficient authorization. But my program requires all the personnel number to be downloaded, please let me know how this can be achieved.
Thanks.

When using PNP the system checks your user id security to see if you are allowed to access certain employees.  It should to me as if your User ID will not let you view all employees.  If you are downloading data  to the server then maybe your comapny have a user Id created that has access to all employees so that when the job is scheduled it is able to pick up all employees.
Failing that have a word with your security team to get your access changed.
Regards
J

Similar Messages

  • Disabling PNP ldb authorizations

    Hi Experts,
    I am fetching data using pnp LDB ,
    But due to authorization issue I am not able to access certain data.
    Is their any way to disable pnp ldb authorization & get the results.
    Thanks in Advance.
    Regards,
    IFF

    Hi
    Answer is pure assumption
    Pls check the OSS note
    Note 492743 - PNP LDB: Incorrect authorization check
    it may give some idea.
    Pls take opinion from SAP / Basis before implementing the note
    Regards
    Madhan D

  • Coding ABAP using LDB PNP and authorizations problems

    This post requires a blend of ABAP and HCM skills.
    When coding my own ABAP using LDB PNP, the LDB will provide me with the employees selected but will skip those for which I do not have access (regarding Authorizations settings) to one or more of the infotypes declared in the program.
    As a programmer I would like to receive from the LDB the information that an employee is skipped so that I can handle the exception.
    Do you know how can I get this information from the LDB?
    Thanks

    I dont know if PNP can do it but PNPCE can:
    at END-OF-SELECTION call macro PNP_GET_AUTH_SKIPPED_PERNRS
    it will provide a list of skiped PERNRs
    for further info see docu PNPCE

  • PNP LDB Authorization skipping

    Hi Experts,
    We have a custom report reading data from  Infotype 0000,0001,0002 and 9001.This is working fine.
    There are many SAP users who will use the report.
    Users AAXX have 9001 authorization and user BBXX does not have 9001 authorization.
    Problem # Report working fine for user AAXX but does not display output for BBXX and throw error massage(like :9001 no authorization).
    The requirement is to display data from Infotype 0000,0001 and 0002 for BBXX and field from 9001 will remain blank.
    Please share the sloution.
    Manoj Lakhanpal
    Edited by: Manoj Lakhanpal on May 8, 2011 4:37 AM

    Hi,
      Use FM : HR_READ_INFOTYPE_AUTHC_DISABLE to disable the authorization on a particular infotype.
      For more info and examples check for where used list on this FM.
    Regards,
    Srini.

  • Authorization on PNP logical database

    My limited understanding of authorization on reports that uses PNP/PNPCE logical database is that if a user who runs the report does not have authorization for any of the declared infotypes then the report stops with message 'no authorization for infotype ...'.  And if the user has authorization for the infotypes but do not have authorizations for some of the PERNRS then it will only display those records that user have authorization for and shows message saying no. of skipped records (of those that user did not have authorization).
    Programmers here say that the users who do not have authorization for some infotypes should still be able to see list for other infotypes that they do have authorization for.
    -- Please shed some light on this and guide me if there is a cookbook/document out there about this.
    Thanks a bunch.
    Netra

    Hi Neha,
    Adding further.
    Each report is different in its own way and there are various ways of controlling the access to the Reports based on ur scenario.
    The first check happens at the P_ABAP level where in it checks the access to the program corresponding to that report and level of access (1,2).
    If these are missing then it goes further to check for the explicit access
    in objects like
    P_ORGIN, P_PERNR etc.
    Now in some of these reports the processing is designed in such a way that if the access to an IT is not available it throughs a error message and the processing of the report stops at that instance (this depends on the message type which has been defined at that instance to be displayed) so at this instance you need to have access to that IT to proceed further but in some other cases the check does happen but the processing continues without stopping at that check failure(example is P_PERNR, the check happens but is not required for processing the report).
    This is one example but there could even more criterion based on which the processing of the report is terminated or allowed to continue depending on the reports utility
    <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/9f/dbaabc35c111d1829f0000e829fbfe/frameset.htm">The different message types and their significance is as follows</a>
    So what you have been told by programmers is true in some cases but surely not accross all the HR reports and all auth objects.
    Hope this helps
    Manohar
    Message was edited by:
            Manohar Kappala

  • Change in LDP PNP Selection Screen

    Dear Friends,
    As you all are aware that for LDP PNP we have a selection screen. In the selection screen, Personnel Number field has to be changed as Employee Number. Can some one tell how we can acieve this?
    Thanks
    Somu

    Hi,
    Changing of text will not be possible.
    You can change it at data element level which will affect at all places where the data element is used. That is also possible only in ECC.
    You can create ur own field if u need and give it a text but then automatic filtering will not be possible.
    Regards,
    Divya

  • Authorization check in LDB PNP

    Hi All,
    I am using logical database PNP in my report program and GET PERNR to fill the infotype tables. Infotype level authorization checks are performed but not Org data level (organizational assignments). The role assigned to me has access to data of specific personnel areas but I am able to retrieve data of all personnel areas (this was maintained in the authorization object P_ORGIN).
    I read the level of simplification should have a value 1 in the authorization object P_ABAP for Org Level authorizations to be performed. I have updated my role but still org level authorizations are not performed.
    Can you please let me know if  any special setting are to be done like in Tcode OOAC or set some flags/parameters in the report program to perform org data level authorization.
    Any information provided will be really helpful.
    Thanks,
    Pavan

    Hi,
    A separate ID was created in an environment similar to production and proper authorization were assigned to it (I mean roles with authorization objcts P_ABAP - level of simplfication 1 and P_ORGIN - restricting based on personnel area). Still Org level authorizations were not performed while using the LDB PNP. Is there anything I am missing?
    Thanks,
    Pavan

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Authorizations with PNP and Get Pernr.

    We have just noticed an issue with how our custom reports are working in regards to authorizations.  Our users have authorization to see Basic Pay infotype information up to the point where an associate becomes an executive.  When running our reports the latest salary shows up instead of the last one they are allowed to see or just leaving that field blank.  We are using the PNP logical database and Get Pernr.  Isn't that supposed to pick up whatever authorization is assigned to the person?
    Thanks,
    Mary

    I do not know how you come to this statement. Of course LDB checks ALL HR Authorization defined. This incoporates the personnel administration part as well as the combination to structural authorizations.
    However PNP will skip a PERNR if the user has only partial authorization by default. To get also only the restricted data what the user can see you must use the switch PNP_SW_SKIP_PERNR = 'N' at INITIALIZATION point.
    Please see the documentation available here:
      http://service.sap.com/erp-hcm
    On the left side follow the links:
      Services for mySAP ERP HCM
        Special Documentation
    Regards,
    Michael

  • LDB PNP authorization check authorization object

    Hi,
    I have used LDB PNP for HR reports.
    We are using the authority check also, but the problem is all the records/data for all the people is being read by the report where some of the people data should not have been read as they belong to some other personal area that the role of the executer (user).
    Hence it appears that authorization check is not working properly.
    Following is how I am using it, Please suggest corrections or alternate way to correct this issue.
        rp-provide-from-last p0002 space gwa_outlist-begda 
                                                        gwa_outlist-begda.
        IF pnp-sw-found NE '1' OR
            pnp-sw-auth-skipped-record EQ '1'.
            EXIT.
        ELSE.
            ls_tab-vorna = p0002-vorna.
            ls_tab-nachn = p0002-nachn.
        ENDIF.
    Please reply with the corrections ore alterations,
    Thanks in advance.
    Akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

  • LDB PNP authorization check at record level - rp_provide_from_last

    hi,
    i am using LDB PNP,
    I am using macro 'rp-provide-from-last' .
    I neeed to place a authorization check so that the user of the program should only be allowed to view records of the people which comes under the same personnel area as of the user of the program.
    Can you please guide me on how to implement this?
    thanks in advance,
    akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

  • PNP and Selection Screen 900 and Authorization

    We have used the combination of logical db PNP with selection screen 900 to write a few custom payroll reports.  We noticed right away that this combination seems to ignore HR authorizations.  Meaning, someone could read payroll results for employees they are not authorized to see.  We had to add our own authorization checks.
    Am I missing something or is something wrong with the 900 selection screen?

    Hi Kenneth,
    The 900 selection screen is for evaluation of Payroll Results. The system checks whether the user who started the evaluation has the correct authorization for this evaluation. Since the data retrieval is from the Payroll Results and not Master data the regular Authorization checks might not be relevant here. Even if the User has no authorization to view the Employee's Master data, he/she might still be able to view the Payroll results via this selection screen if he /she has the evaluation authorization. You are probably right in having to put in your own authorization checks. I hope I am not wrong.
    Regards,
    Suresh Datti
    Message was edited by: Suresh Datti

  • Authorization Logic in PNP

    Hi Experts,
    I am using PNP for the payroll programming.
    For the PA data retrival am using PNP (Get pernr) and for payroll data am using FMD(CU_READ_RGDIR, PYXX_READ_PAYROLL_RESULT).
    The basis team here has a doubt, how the authorization check is happening and for which authorization objects. I know PNP does default authorization check and the FMD also we can pass those parameters.
    Can anyone explain me how it happens internally?
    Thank you so much.
    Thanks & Regards
    Manas Nayak

    Hello,
    I wanted to have the same information but the link you gave is not working anymore.
    My Issue today is the same as discussed above, I'm using CU_READ_RGDIR, PYXX_READ_PAYROLL_RESULT to get payroll result.
    But for someone who doesn't have the authorization to read the payroll result for a specific pernr (Eg : when I'm using TSCODE : pc_payslip, the person doesn't see the payroll result of the employee) but using my program he is able to read it. I wanted to know how the authorization check is working ?
    Thank you

  • Ldp pnp

    guys help me out
        i am facing a problem
    lets us i am using pnp and in th selection screen given by the pnp
    as a user i am entering wrong values that is pernr does not belong to the company code
    so how to check it?.
    any help would be very usefull
    sarangan r

    hi,
    go through these links,
    http://www.atomhr.com/know_preview/Reading_Payroll_Results_with_ABAP.htm
    http://www.atomhr.com/know_preview/Reading_an_infotype_without_PNP_database.htm
    http://www.sap-img.com/abap/list-of-employees-who-have-completed-certain-yrs-of-service.htm
    http://www.sapdevelopment.co.uk/programs/custom/zdownempdata.htm
    http://www.sapdevelopment.co.uk/programs/custom/zp_postcode.htm
    http://www.ct-software.com/reports/ypmlist1.htm
    regs,
    jaga

  • How to use LDB PNP with ABAP objects in a program

    Hello,
    I am wondering if anybody has used the HR logical database(LDB) PNP with user defined ABAP objects in a program? I am using the FM- <b>LDB_PROCESS</b> but its not working. Also assigning PNP in the attributes section of the program -- so that I can use predefined fields from the LDB and then invoking the FM doesn't work -- throwing 'Logical database already active' error.
    I suppose even with the ABAP objects and the new FM -- I should still be able to utilize the pre-defined fields of the PNP database -- and also the built in authorizations. I cannot use GET PERNR and REJECT as they give errors. I understand that the use of HR-macros (RP-PROVIDE-FROM-LAST and et al.) are not allowed as they use the table work area -- which is not allowed in ABAP-OOPS.
    I would really appreciate if anyone could show me some insight regarding this. Thank you.
    Kshitij R. Devre

    Hi Kshitij
    It would be really good if we could use both together. But as I know, it is not possible. "GET pernr." is an event-like loop statement and so cannot be used in OO context. And I guess, the same restriction holds for the "LDB_PROCESS" since it uses LDB-specific processing.
    What I suggest you is to use standard and BAPI functions.
    Sorry for giving bad news...
    *--Serdar

Maybe you are looking for

  • Can u please give me inforamation on SRM flow ?

    Hi All, Can u please give me inforamation on SRM flow and shopping cart? and any usefull links or information to find tech information like tables BADI's transactions and where master tables. Thanks for ur time Kiran.

  • Problem with database

    hi, i am trying to update a table with following code : try{ stmt.executeUpdate("INSERT into Employee " + "(date,name,jobName,jobCode, startTime, endTime, shift, hours)" + "values('test', 'test','test', 'test','test','test','test','test') "); } catch

  • Oracle FAILSAFE and CVE-2012-1675

    Folks, I'm running Oracle 10.2.0.3 {PATCH 29} on Windows32 with Oracle Failsafe 3.4.4.1. I've tried implementing the IPC fix and the dynamic_registration=OFF fix as prescribed and get the listener.log error listed below with either attempt. It doesn'

  • MAC OS 10.5.7 FireWall & Java Socket programing

    Hi everyone, I am fighting for few days with a simple problem in vain. I am programming a simple java client-server application based on TCP sockets but I do not manage to open any socket at all due to a "connection refused" problem: In the previous

  • Impossibile accedere a iTunes

    Ho un iMac con sistema operativo mac OS 9.1 e iTunes T-1.0. Ha sempre funzionato egregiamente per circa 5 anni ... improvvisamente mentre era in uso, si è chiusa l'applicazione e a ogni tentativo di riaprirla compare il messaggio: " La libreria iTune