Structural authorization only possible in HR,correct?

Similar Messages

• F-90 TAX (Posting is only possible with a zero balance;correct document )

  WHEN I AM POSITNG THE DOCUMENT THROUGH F-90 I AM GETTING THE FOLLOWING ERROR
  ERROR:Posting is only possible with a zero balance; correct document
      Message no. F5060
  ACTUALY I HAVE SLECTED VENDOR 31 ASSET 70 WITH TAX CODE AFTER SIMULATING THE DOCUMENT
  THE FOLLOWING ENTYR IS COMING BUT WITH GREEN ERROR AS I HAVE MENTIONED ABOVE
  ENTRY VIEW AFTER SIMULATING IS AS FOLLOWS
     PK  BusA Acct                               INR   Amount        Tax amnt   
  001 31       0000700000 One time Vendor for        75,000.00-                  
  002 70       0020001031 000040010498 0000          75,000.00                 H1                                                                               
  Other line items                3,000.00                   
  D 75,000.00           C 75,000.00                   3,000.00  *    2 Line items
  ACTUALLY I HAV SEELECTED CALCULATE TAXES ON NET AMOUNT IN FB00.AT THE TIME ENTRY IS POSTING AS FOLLOWS
  31 VENDOR 75000
  70 ASSET  72200
  40 VAT     2800
  BUT THE ABOVE ERNTRY IS WRONG
  CORRECT ENTRY IS AS FOLLOWS
  31 VENDOR 78000
  70 ASSET  75000
  40 VAT     3000
  ACTUALY CALCUCULATION IS ON NET AMOUNTS.IS I DESELECT IN FB00 PROBLEM WIL SOLVE AND REFLECTING WITH GROSS AMOUNTS IN ASSET
  BUT TAX IS NOT CALULATING IN CUSTOMER INVOICE
  Regards
  sumathi
  Edited by: sumathi lakshmi on Jan 9, 2009 8:24 AM

  I HAVE BEEN TRYING THE SAME CAN ANYONE HELP AS I AM NEW TO THIS SYSTEM?
  F5060
  Posting is only possible with a zero balance; correct document?
  I HAVE BEEN TRYING BOTH VENDAR AND CUSTOMER WITH INPUT TAX AND OUTPUT TAX BOTH ARE SAME ERROR. IS THERE ANYTHING IN SETTINGS I NEED TO RECTIFY?

• Posting is only possible with a zero balance; correct document

  Hello SAP gurus,
  Please help me here. I tried to post a vendor invoice but i got an error message "Posting is only possible with a zero balance; correct document". 
  The debit and credit balance is correct. In document entry i  checked calculate tax and the GL master was assigned a tax code. How can i correct the document and be able to post the invoice?
  Thanks in advance,
  Prakash

  Hi,
  I had also faced same issue and got it resolved.
  For resolving it, I made necessary changes in Editing Options in transaction FB01.
  These Editing options are user specific settings and these can be found in transaction FB01 -
  Go to Settings --> Editing Options (F9).
  Alternatively, you can click Editing Option Button on FB01 Screen (Call Up Editing options for Accounting).
  Please check if it resolves your issue.
  Best Regards,
  Rajinder Sharma

• Failed HR Structure Authorization: should not be possible

  Hi there,
  I've got a strange problem which is quite similar to [this one|https://forums.sdn.sap.com/click.jspa?searchID=10542618&messageID=4893986], but the difference is that my userid does not have an entry in OOSB (T77UA) so it should not have missing HR Structure Authorizations because the general principle in the HR Structure is: No profile - No restrictions.
  However, this user is restricted, but not for all records. The restrictions seem very random.
  It seems that the userid itsself causes the problem. The account has been copied from another account. If you copy this account to any other userid then the problem does not occur, but I have to use this particular one because it is the official userid (personnel number).
  As I said earlier, OOSB is empty and also infotype 0105 (Communication) is set properly.
  I even tried to delete and re-create the userid completely but this did not help.
  It looks like there are some 'hidden entries' in table T77UA or another table setting for this userid that I am not aware of. Could anyone help me out her?
  Thank you!
  Kind regards,
  Lodewijk

  Hi Lodewijk,
  You say your problem is similar to the one you're referring to in your initial post.  Does that mean that you also get an error message saying:
  The last authorization check was successful
  Failed HR Structure Authorizations
  Date xxxxxxxxxxxxxxxxxxx

• Error Occured when Applying Structural Authorizations in E-Recruitment

  Dear Experts,
  The E-Recruitment functionalities were working fine when no structural authorizations are applied. However, when structural authorizations are configured for the user on the backend SAP system (I configured structural authorizations for the user to have access to only his own department), the E-Recruitment module does not work.
  When I tried to access requisitions-> maintenace, application management->applications, etc, (i.e. when the E-Recruitment module tries to retrieve data from the backend), the the following error message occurred.
  Error when processing your request
  What has happened?
  The URL http://<hostname>:<port>/sap/bc/bsp/sap/hrrcf_start_int/application.do was not called due to an error.
  Note
  The following error text was processed in the system ABC : <b>RAISE EVENT statement nested to deep.</b> The error occurred on the application server XYZ and in the work process 0 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
  Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
  Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
  Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
  Method: GET_RECORDS_BY_DATE of program CL_HRRCF_INFOTYPE=============CP
  Method: ON_REQUISITION_UPDATE of program CL_HRRCF_REQUI_BL=============CP
  Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
  Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
  Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
  Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
  Please advice if E-Recruitment supports structural authorizations. If it does, are there additional configuration required to enable structural authorization. Kindly enlighten me on how to resolve this error. Any help will be much appreciated.

  Hello Louis,
  I implemented e-recruiting with structural authorizations for a customer and encountered exactly the same error. Anything in the e-recruiting implementation leads to this problem. When you miss some object authorizations the implementation generates an infinite callstack which results in this short dump.
  So be sure you assigned all necessary objects to recruiters and also candidates (NA, NB, NC, ND, NE, NF, BP, CP, P, Q, QK, VA, VB, VC) but this might be difficult esp. with the P object, when you use structural authorizations for other purposes, too. This usually generates problems in manager involvement (e.g. manager can't choose a recruiter to approve his requisition as he has not the structural authorization for the hr department members).
  It is also a bit strange that candidates need for example change rights for the requisition (NB) although they won't actually change it but without it the relation application->requisition, candidacy->requsition cannot be created correctly.
  Last but not least be always sure that you refreshed the authorization buffers after changing structural authorizations. They are usually switched on for better performance.
  Best regards
  Roman Weise
  PS: be aware that using structural authorizations will keep you busy for some time. we needed ~2 months to set up the system in a way that e-recruiting worked as the custoimer wanted without interfering any other productive hr component (admin, org. mgmnt., managers desktop).

• Context sensitive solution for Structural authorization

  Dear all,
  I would like to know whether new relationship, evaluation path and authorization profile has to be created for each role with context sensitive structural authorization ?
  In T77UA table, each user has assigned a profile which tells the system how to find the structure by evaluation path (in T77PR table).  Then in tranx OOAW, the evaluation path indicate how to build the structure by series of relationship, and this way we have to create new relationship for each role with context.
  Am i correct ? 
  If an organization has many roles, then many relationship, evaluation path, profile.. has to be created !
  Thanks for your help !
  patrick cheung

  Hi Chandra,
  Thanks for your prompt reply !
  This is for <u>Context Sensitive</u> solution, <b>not</b> the normal structural authorization:
  Yes, if you add the authorization object P_ORGINCON in PFCG, you will notice that the field "<b>Authorization Profile</b>" has to be entered which tells the system <i>WHICH ORG STRUCTURE</i> does this authorization are refering to...
  In table T77PR, instead of hardcoding the organization unit in the object ID field, we use Evaluation path to tell the system how to find the org structure for employees.  Function RH_GET_MANAGER_ASSIGNMENT will return the org unit ID for the evaluation path.
  In transaction OOAW, the said evaluation path specified the relationships which the system should use to draw the org structure of the employee's supervision... and there should be relationship like "<b>Is managed by</b>", may be as follows:
  O     B     002     Is line supervisor of     *     O
  O     A     011     Cost center asignmnt     *     K
  O     B     003     Incorporates     *     S
  O     B     012     <b>Is managed by...</b>     *     S
  Up to now.... if you want to assign authorization to someone as follows, you could not simply maintain the same relationship "<b>Is managed by</b>" to Org Structure A and B because this will confuse the system as to which org structure you want the employee to maintain infotype 7 or 14/15.  You should then create different relationships and maintain them to Org Structure A and B.  And tell the system how to find the structure from the Evaluation path, which is stick to the Auth. profile.  The Auth. profile is then maintain in the Context sensitive master data object P_ORGINCON !
  (1)
  Org Structure A
  Maintain only infotype 7
  (2)
  Org Structure B
  Maintain only infotype 14, 15
  So... that's why i said if an employee has many role to perform duties in many different Org Structures (e.g. A, B, C...etc), you would create many relationship...
  Hope this message will give idea to someone who intend to implement Context Sensitive Solution.

• Control Workflow Report output using Structural Authorization

  Is it possible to control output of Workflow Reports using Structural Authorizatins. E.g. Workflow Admins having access to tcode SWi2_FREQ will be able to see project wide data, but i want to restrict the workflow admins at department level from seeing workflow data for other departments. is that possible using Structural authorizations or any other mechanism?
  My understanding is that Structural authorizations pretty much control PA/PD, and not other modules. I did a quick test,
  1) Created a org structure
  2) Created employees, users, and set up structural authorizations
  Now when users are granted authorization to PA20, they are restricted to what they should be seeing, but when they are granted authorization for workflow admin reports, structural authorization don't seem to work, they are able to see data for workflow triggered for other departments as well. Is that the standard behavior or i am missing something. I don't have enough experience with Structural auth.
  I will appreciate any guidance on this matter.
  Thanks,
  Saurabh

  Arghadip, please explain how this will prevent someone from Norway from looking at the workflow log of a workflow for an employee belonging to the Danish part of the organisation.
  <i>Message was edited by Kjetil Kilhavn:</i>
  To explain a bit more in detail: how does this prevent me (Norwegian) from going into SWI1, SWIA or any other transaction, and looking at data from other parts of the organisation. I don't think it will work.
  I think the only way to achieve this is to either modify SAP's standard code and include some structural authorisation checks - or take the standard transactions out from every user role and create your own wrappers or program copies which basically does the same as the modification would have to do.

• How to authorize only on the workbook analyse toolbox

  Hi all,
  How to authorize only on the workbook analyse toolbox and not the workbook design toolbox? (in the new bex explorer)
  Is there a specific auth. object?
  Context: For testing purposes users should only be able to create new workbooks en run (display) queries.

  You could use the event structure ("event loop") for this. 
  For any control that you want to protect, you'd create a value change case. Within this case, implement e.g. a pop-up subVI that prompts for a password and returns if the user typed in the correct password. If password is OK, perform the value change or action related to a button pushed, and if password is not OK, do nothing.
  Best regards,
  Jarle Ekanger, MSc, CLD
  Flow Design Bureau AS

• Structural Authorization views not displaying in EP

  We are using PD profiles to allow managers in an alternative org unit to approve time in MSS for employees not in their org unit. When you log onto the Enterprise Portal in the MSS Team Overview iview the manager cannot see the employees from the other org unit defined in the structural authorization. He can only see his own employees for his org unit. However, in transaction OOSB when you click the Display Objects button you see the positions and persons that should be visible
  to the manager.  We have assigned the profile through both PO13 to the position and OOSB directly to the user. We make sure to run RHPROFL0 after assignments
  of the profiles. HR has created a custom relationship Z99 and assigned to the positions for the alternate org unit.
  We had a scenario working in our sandbox at one time but we could not reproduce this in the development system.  Any tips would be greatly appreciated.

  Hi John,
  I know SAP_ALL doesn't matter but I wanted to rule out all possibilities of any standard authorization issue to isolate the PD profiles as the real issue. 
  To answer your question, the user can see his own org unit and subordinate employees in MSS.  The manager is a chief and manages his org unit.
  A colleague of mine mentioned that there may need to be some configuration established for the iViews in question so I put it to the HR functional team to confirm the correct customization is set up in the IMG for Integration with Other mySAP.com Components > Business Packages/Functional Packages > Manager Self-Service (mySAP ERP) > Object and Data Provider.  I'll report on the status of this as well when I hear back from them.  Thanks again.

• Posting only possible in periods 2011/11 and 2011/10 in company code 4000

  Hi All Experts,
  I have encountered with this error while doing MIGO.
  Posting only possible in periods 2011/11 and 2011/10 in company code 4000
  Message no. M7053
  Diagnosis
  The posting date entered is not within one of the permitted posting periods (current period/previous period).
  This can be due to one of two reasons:
  The correct current period has not been set in the system.
  For the system, the first of the entered periods is the current period. At the beginning of a new period, your systems administrator must change the current period in the material master record, using the function "Shift periods". This has not yet been done.
  You have entered a wrong date in the field "Posting date".
  Procedure
  Check the posting date and correct it if necessary. If your input is correct, inform your systems administrator that the "period shifting" (period-end closing) process has not yet been completed.
  I have checked OB52, OB29, OB37, MMPV, MMRV. All possible T.codes and threads I tried from SDN itself, still no luck ! In OB52 I have opened 2011 & 2012 year open absolute.
  Would like to share MMRV settings :-
  Current Period : 11 / 2011
  Previous Period : 10 / 2011
  Last period in prev year : 12 / 2010
  We have India based client so fiscal year variant is Apr to March copied from V3.
  Will be very much appreciable experts guidane !
  Regards,
  Sharvari Joshi.

  Hi All Experts,
  I raised the OSS, and here which I got the reply from SAP.
  There is a possibility to run the report RMMMINIT to initialize posting
  periods. Please bear in mind that the valuation data of the previous
  period could get affected.
  If you decide to proceed with the process, please review the
  documentation of program RMMMINIT.
  Please also review attached note 70545 regarding the initialization
  process. Although this note is NOT valid for your release, it provides
  good information on the use of initialization for correction purposes.
  Additionally, please review attached note 369637 in this regard as well.
  PLEASE FIRST PERFORM THIS IN A TEST/DEVELOPMENT SYSTEM PRIOR TO MOVING
  TO PRODUCTION AS YOUR VALUATION DATA FROM PREVIOUS PERIOD WILL BE
  AFFECTED. If you are satisfied with the results, then you can move it
  to production. Please perform this at your own risk as this hotline
  will not support any problems arising out of it.
  Related the error message MM016 please follow the steps from note
  487381:
  To reserve the parameter use transaction SU01 for the user's name who
  executes the RMMMINIT program. The parameter must be set as follows:
  Parameter Value
  MMPI_READ_NOTE YYYYMMDD (for the current date)
  I am not able make out any meaning out of it. Can anyone please understand me this ?
  Help will be appreciated !
  Reagrds,
  Sharvari Joshi.
  P.S : Steps from my side which I performed , I changed the parameters for my ID in SU01 to current date 2011.11.16 (YYYYMMDD) and running MMPI still same error.

• MSS genericiview and R/3 structural authorizations

  Hi,
  I have created some iViews based on par-file "eeprofilegenericiviewtable" to display R/3-queries. In R/3 we use also structural authorizations for the managers with functional module RH_GET_MANAGER_ASSIGNMENT.
  The structural authorization is working in R/3 for a selected manager selecting a query directly from the R/3 via SQ01, but it doesn't in the iview. When the same user is viewing the "query"-iview, the message "No data selected" appears.
  When I assign the user a structural authorization without the functional module RH_GET_MANAGER_ASSIGNMENT, e.g. only with some object types, the user can retrieve data without any problem using "query"-iview.
  Probably the problem is in the functional module HR_INFO_GET_USING_QUERY used for retrieving R/3 query data from the portal and used by the iview eeprofilegenericiviewtable.
  Has anybody met a similar problem? We are using EP6.0 SP14 and SAP R/3 4.6C.
  Beata

  Hi Dwayne (and others!),
  Were facing similar problems with the error message "R3_CONNECT_FAILED". However, our difficulties are a bit strange because i only occurs on one of our two server nodes. We're running SAP EP 6.4, SP9.
  Previously, we've had problems with the maximum number of connections towards our backend system, SAP R/3. But setting the environment variable CPIC_MAX_CONV helped us.
  However, now we get the above error, but only on one of our server nodes. Do you (or anyone else) have any suggestions as to what might be wrong?
  Thanks in advance,
  Rasmus

• Using same Apple ID  only possible fom one Computer?

  I have searched here but i cant find an answer to this problem.
  Is it only possible to log into the discussions from one computer with the same apple id?
  After purchasing a new computer (Mac Mini) i find that i can log into discussions Only from the old Imac when i use this apple ID. I remember that i used to log into here from other computers here. But now its not possible.
  When i try to log in from another Computer i always come into a registration window?
  When i set up the new Mac Mini i did not create an Apple ID becaus i thought i could use the old one. So i consider this to be a feed back and a question for help at the same time!
  Thank You!
  Message was edited by: Alfi
  Message was edited by: Alfi

  Hi Alfi!
  For each Mac you wish to log in with follow the directions posted below.
  Log out of Discussions.
  Delete the browser's Apple Cookies and clear the browser Cache.
  Quit Safari.
  Reopen Safari.
  The following link is for illustration. Do not use this link to perform the procedure. If needed print these instructions to use as a guide.
  On the Discussions Sign In Page the texts fields should be blank. Do not enter any info in the text fields.
  Instead, under "Did you forget your password?" click on "Click here for assistance". Do not change your password.
  On the page that opens, click on "Forget your Apple ID?".
  Enter the required info, click Continue and complete the process.
  If that doesn't correct the problem, Log-In to Your Info and determine if your Apple Account ID, contains any accent characters, such as an umlaut: ö, a grave: ò, or an acute: ó. (Å,å,Æ,æ,Ø,ø,ß)
  If so replace the accented character and use an equivalent letter.
  For example if there is a é present replace it with an e.
  You can also select the appropriate document {Recover Apple ID name or password}, which is linked to in this KB Article Apple ID Support.
  ali b

• Structural authorization check in HR-ABAP

  Hello Friends,
  I am not able to get how to do the structural authorization check, my exact problem was : There is a report where it diplays all the qualifications of the employees and now I should restrict to only the employees who belongs to the organization unit depending upon the user who is running the report belongs to. It should check some more authorization profiles also.
  Regards,
  Yoganand.

  Hi Yoganand,
  if you use logical database PCH in your report, it should work by default.
  Manually search for RHSTRUAUTH in transaction SE37. There
  is a function modul which gives a list with the person the user has authorization.
  With this list you could compare the list with selected persons.
  hope this helps.
  Regards
  Bernd

• HR-Structural Authorization-AUTSW ORGPD switch

  Hi All,
  We are facing an issue with our structural authorization.
  Our HR user are unable to view details of the employee who is been terminated in PA20.
  Background:
  1)The user is terminated on 10/2009
  2)when the user was terminated he was assigned to the org unit 10.
  3)Later the org unit 10 also got inactive.like it is not in the org structure anymore this is from 02/2010.
  4)From 02/2010 on HR users are unable to view the employee details (who is terminated and belongs to an inactive org structure) in PA20
  Analysis:
  1) When we see in the OOSB Information the HR user is not having authorization to view this org unit from the time it is moved out of org structure.I.e 02/2010.The endda is showing 02/2010 against the org unit in structural access of the Hr user.
  2)Other observation is that after HR users give PA20 we have taken su53 and it shows taht P_ORGINCON missing authorization for D,infotype 0000,subtype termination.
  3)we have done testing in Dev by changing AUTSW-ORGPD switch to 3 still no use.
  4)We did AUTSW-DFCON to 3 as we ahve context authorization also it also did not work.With DFCON 4 it is working but HR users are able to view not only their counry employee but also other country employees org assignmnet in PA20 which not acceptable.
  Requirement:
  HR users should be able to view terminated employees with org assignment(IT 0001)  but that org unit is not in validity date(i.e A 002 for org unit is delimited) .
  Any suggestions or ideas to handle the terminated employees in the delimited orgunit will be of great help...
  Regards,
  Vani.

  Hi,
  We are using DFCON = 4 and it is working for us. Try this way. If the user terminate then fill the Org Key in IT0001 with some Value YYY and then use this value in P_ORGINCON Filed Value VDSK1 = YYY and also PA restriction.
  Or Write a FM to get the terminate pernr to users structure and use the Context it may work.

• Training Structural Authorization vs MSS/ESS

  Good day all.
  We're maintaining structural authorization for Training module. The requirement is to be able local company maintain theirown training and regional training can maintain the regional training.
  In OOSP we're maintaining object type L only. For the same object id we're using two evaluation path SCMCATAL and L-D-E-§.
  Unfortunately when we assign certain SAP id (manager) to this structural authorization, this manager can't see his/her subordinate. It saying that "No authorization for reading data". When I remove this user from structural authorization this manager is able to see his/her subordinate.
  Is there any others requirements from HR or additional (BASIS) authorization to rectify this issue?

  Hi
  We are maintaining structural authorization in E-learning. Thre is two departement 1 and 2 . Now for few courses are for dep-1 and few are only for dep-2 .
  This structural authorization is already maintained in ESS now we migrated all the data in e-leraning now my problem is how i can use this structural authorization for E-learning as objects are same just Transaction codes and one Appraisal object is differnt.
  Thanks
  Waiting for reply.
  Nutan