T77PR structural authorisation - each employee access only to his own data

Similar Messages

• Is it possible to recharge multiple iPhones on the same computer but have each iPhone backed up with its own data?

  I have multiple iphones, one for personal use and one for work.  I would like to backup and recharge both on my MacBook Pro but do not want the information on the personal one to be on the work one.  My personal iPhone is 64 GB and the work one is 16 GB so the data from my personal iPhone would would not fit on the work iPhone  Both are running iOS 7.1.2 and the MBP is 10.9.4

  Disable automatic syncing - http://ipod.about.com/od/iphoneipodbattery/qt/disable-auto-sync.htm e.g. for charging device on another computer.

• Who's Who with Structural Authorisations

  Hi,
  We have implemented structural authorisation.
  When manager logins to portal and view Who's who he is able to see only team members data.
  Instead our requirement is to view all the employees data in Who's who though manager has structural authorisation profile.
  Structural authorisation we have implemented only for the user who are (PORTAL+R\3).
  << Moderator message - Everyone's problem is important >>
  Thanks,
  Usha
  Edited by: Rob Burbank on Oct 18, 2010 3:39 PM

  Check the following link:
  Authorization Made Easy
  http://www.slideshare.net/Juanfe1978/1ux2y54tcwomq2gtx7pd
  Authorization Concept for SAP Student Lifecycle Management
  http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/409acd1d-75d1-2a10-4a91-dadabd18e1ff
  Technical Considerations in Global SAP BW HR Implementations
  http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/505351fe-ec8c-2910-c5b5-a43bbf53f6fc
  Hope this help you.
  Regards

• Structural authorisation along with organisational key

  Hi All:
  The scenario is:There are 8 company codes(8 diff countries) with 8 diff Personnel areas.A user needs to have access to all employees in his country and secondly, all the HR employees spread over all other company codes in different org units.
  I can create role using P_ORIGIN with that PA and assign to the user but how do i provide him access to all other HR employees.Structural Authorisation would restrict access to a specific org unit which doesn't suffice both criteria as it overrides org key.
  Helpful answers would be duly rewarded.
  Regards,
  Kmaini

  Hi,
  Structural authorization does not overwrite org.key.
  You need to customize structural authorization accordingly.
  For example, you have 8 company codes associated with personnel areas PA01-PA08. You are trying to create role for company code 1.
  1. In P_ORGIN you give access to all personnel areas PA01-PA08.
  2. For structural authorization you create following entry points:
  - root org.unit for company 1
  - HR org unit for company 2
  - HR org unit for company 3
  - HR org unit for company 4
  - HR org unit for company 5
  - HR org unit for company 6
  - HR org unit for company 7
  - HR org unit for company 8
  Cheers

• When sending an email how do I set the address when sending to multiple recipients so that each recipient only sees his or hers address and not everyone else

  I would like so send emails to multiple addresses yet I want each recipient to only see his or her address

  This question isn't related to Mozilla Firefox. However, I can still answer your question. In the 'to' field, put your own e-mail address and put each recipient's address in the BCC field. This way the only address seen is your own.
  Please try to post in the appropriate forum next time. (Thunderbird, Gmail, etc.)

• Controlling access to Oracle Mapviewer spatial data through VPD

  I am building a web GIS application in Oracle Application Express (APEX) and have used the Virtual Private Database feature of Oracle Database 11g Enterprise Edition so as to ensure row level security. I've integrated APEX with Oracle Mapviewer through Oracle Maps API in order to display a map.
  VPD feature is working properly through the command prompt at the database level but I also need to use the VPD policy at the application level so that each authenticated user can only see his own spatial data on the map.
  So far I have accomplished that by creating as many data sources as the number of application users on the mapViewerConfig.xml file. Every time a user logs in the web GIS application, the correct data source is being employed.
  I was wondering if there is any other parameterised way that I can perform this access control functionality without having to create all these data sources.
  Many thanks in advance.

  Yes you can define a single "secure" MapViewer data source to achieve VPD or make use of your database VPD setup. For more details and how to get the Apex app user to MapViewer and then onto VPD you can check out my blog post here: http://oraclemaps.blogspot.com/2008/09/apex-oracle-maps-and-secure-mapping.html
  hope this helps,
  LJ

• Structural Authorisation access issue

  HI
  I am currently trying to implement Structural Authorisation.  I have run into a problem and hoping someone maybe able to help.  The problem I have is that when a user searchs for employee's in PA20/30 the results show all employee's that are part of the org unit that the PD profile is restricting.  However it also includes users that were part of the org unit at some stage.
  Now in PA30 the user does not get the header for these users but is able to access/modify some infotypes.  I am not sure but I think there is a setting somewhere that will limit the PD profile to only display current employee's of the org unit only but for the life of me can not remember or recall where it is.  Can anyone help with this?
  Any help will be appreciated,
  Many thanks in advance.

  Hi,
  Did you verify the values for the
  Switch ADAYS "HR: Tolerance Time for Authorization Check"
  in Transaction OOAC.
  Depending on the number of days mentioned.
  The person would have access to old Org Unit till the tolerance period if he modified information in that org unit.
  Actual SAP documentation:
  HR: Tolerance Time for Authorization Check (ADAYS)
    Use
      The tolerance time for the authorization check specifies the length of
      time, in the case of an organizational change, that the personnel
      administrator has access to the data he or she created for a person if
      this person already has an organizational assignment outside of his or
      her authorizations.
    Input values
      The tolerance time for the time logic for master data infotypes is
      specified in calendar days. In the standard SAP system, the value of the
      switch is set to 15 (= 15 calendar days). When this switch is active,
      that is, when it contains a value greater than 0, organizational changes
      that result in the loss of a particular authorization take effect in
      accordance with the tolerance time.
    Example
      ADAYS is set to 15. In the system, only checks with P_ORGIN are active.
      Administrator A has read and write access to data in personnel area A
      while administrator B has read and write access to data in personnel
      area B. It is assumed that for all infotypes the time dependency of the
      authorization check (switch T582A-VALDT) is active.
      A personnel number was assigned to personnel area A until 12/31/9999. As
      of 01/01/2000 this personnel number is assigned to personnel area B. The
      period of responsibilty of administrator A ends on 12/31/9999 but due to
      the tolerance time, he or she continues to have unrestricted read and
      write access to data until 01/15/2000 (inclusive). However, as of
      01/16/2000, he or she no longer has write access to data. Nevertheless,
      the administrator still has read access to all data records with a startdate prior to 12/31/9999.

• Structural authorisation performance issue

  Hi,
  For our customer we have the HR-PD object authorisation activated. We now encounter performance issues in the buffering of objects. We have set the buffer/refresh two times a day but this has a huge impact on the resources and hence performance of the system. We actually need to set the buffer to be run more then two times a day (once a half hour) but this is now out of the question.
  Are there any settings, configuration, or something else that can be done to improve performance.
  Business Scenario: in SAP SLcM* a student is already admitted for a program on faculty (O-unit) X. After a couple months the student is admitted to another faculty (Y) by an employee of that faculty Y (that proces is without authorisation).From that moment on the structural authorisation gets in place. Also on this moment the student is not visible to the employee of faculty Y. After the run of the buffer the student is visible again.
  br,
  Rob
  *Also works with HR-PD objects and the structural authorisation from ERP-HCM. SAP SLcM is a industry solution for the higher education market.

  >
  Rob Jonkers wrote:
  > Hi,
  >
  > For our customer we have the HR-PD object authorisation activated. We now encounter performance issues in the buffering of objects. We have set the buffer/refresh two times a day but this has a huge impact on the resources and hence performance of the system. We actually need to set the buffer to be run more then two times a day (once a half hour) but this is now out of the question.
  >
  > br,
  > Rob
  >
  > *Also works with HR-PD objects and the structural authorisation from ERP-HCM. SAP SLcM is a industry solution for the higher education market.
  Hi rob, what exactly is meant by refreshing the buffer two times a day?  Are you running the program RHBAUS00?  If so, have you considered tweaking what gets indexed by using program RHBAUS02.  Here you can increase threshold, which should limit what type of users actually get buffered when the program runs (so only users with access to many auth objects will actually be indexed). 
  Let me know if this helps.
  Best Regards,
  Michael

• Structural Authorisation & Position Based Role Mapping ( Indirect Roles)

  Hi
  I have few queries on Structural Authorization & Position Based Role Mapping (Indirect Role Assignment).
  This is a public sector implementation. We are migrating from the traditional based (assigning roles to users) to Indirect role assignment.
  1. Can we integrate both structural authorizations and position based role mapping in one system?
  2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
  3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
  4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
  Any help or suggestions on the above would be appreciated.
  Thanks and Regards
  Arun R

  Hi
  1. Can we integrate both structural authorizations and position based role mapping in one system?
  Yes you can.  Structural authorisations and position based role mapping can be assigned to the same org plan in SAP.
  2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
  No, the SAP role is unique to the postion it is assigned to. But remember not all employees will be assigned to a position - in this case you have to assign the sap role directly to the user in SU01/SU01
  3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
  Create user in SU01.SU10 first before creating infotype 105 in PA30.
  4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
  *When a users assignment in the org structure changes then you must run RHRPROFL0 to update the user assignment to the new position.   
  Also the number of days an employee can have access to their previous data is controlled by the parameter is called ADAYS - tx OOAC .  SAP currently defaults this to 15 days and this is used  to control the number of days that the employee can still access the data they created even though they are assigned to a different organisation with different authorisations.
  Hope this helps.
  Charmaine

• Concurrent Employment and MSS ( Structural Authorisation)

  Hi
  We are having some problem with Structural authorisation in case of concurrently employed users. The scenarios is as follows
  1. User A is manager and have MSS role and relevant PD profile
  2. User P is employee . This employee is concurrently employed. one position of this user is in the organisation unit of manager A and the another position for this
  The problem is that the manager A is unable to approve the form submitted by the employee P. if we remove concurrent employment it start working again.
  I can see that Manager has structural access over employee P in tcode OOSb
  Any suggestion will be welcome
  Parveen

  Hi
  The problem we were having is that index was not updated. So inspite of having access to the user i was not able to approve the form. I have regenerated the index via report rhbaus00 which fixed the problem
  Parveen

• Problem in Structural Authorisation

  Hi All,
  scenario: There is CEO, of a org unit say ABCpvt Ltd. This root org unit has many sub units, depts & positions.
  This CEO, should need to view only his org units & positions which come under ABC pvt Ltd, & he should not able to view other depts & units.
  For this i want to create structural authorisation,
  1.hence I created a user eg: RKRao(CEO)
  2.I created a role through PFCG.
  3.I creeted stucrutal autho through OOSP, OOSB...
  4.I maintained infotype  IT 0105 communication, then OM IT 1017(pd profiles infotype)
  When I went to test this user, it is not showing me the desired data, which he is liable to seeunder his org unit ( i.e ABCPvt ltd, units, positions ,jobs etc)
  Hence can any one tell me where I am wrong, I have maintained all the neceaary transaction needed for structural autho
  Pls help me out in this!  <b>points are assured</b>
  Regds,
  NithiBabu

  Hi Nithi,
  The pre-requisite for configuring Structural Authorization are:
  A)PLOGi – ORGA
  TCode: OOPS
  This switch activates the integration between Personnel administration (PA) and Org Management (OM). Ensure this switch is ‘on’ before setting up the Org Plan; structural profile etc.  Turning the switch ‘on’ is a mandatory prerequisite before other setups are initiated.
  B) In case of OOAC,Following switches need to be set to appropriate values (switching on) for structural authorizations:
  1.     ORGIN : HR master data: Value “1” mean its activated
  2.     ORGPD: HR Structural authorization check: Value “1” means it is activated. This is mandatory for Structural authorization to work (see note).
  3.     PERNR: HR Master Data: Personnel number check activation: Value “1” mean it is activated.
  4.     ADAYS: Tolerance time for authorization check: The value entered here is the number of days for tolerance limit. This determines how many calendar days the user has access to the data he or she is entitled to, after the organizational change. For example “ADAYS = 10” means 10 calendar days of tolerance limit. In the standard system the value is set to 15; If the value is set to “0”, the organizational change causes the user to lose the authorization immediately upon change.
  C) After creating the Authorization Profile in OOSP
  IMG > Personnel mgmt > Org Mgmt > Basic Settings > Authorization Mgmt > Structural Authorization > Maintain Structural Authorization Profile
  Select the Profile and double click the Authorization Profile maintenance in the dialog structure on the left of the screen
  1.     Accessible Org Mgmt Objects are determined by the settings defined in this step. This step determines permissible Objects for the user.
  2.     Permissible objects can be defined in more than one ways. By directly identifying the Object ID’s (optional) in the Object ID field. Or through an Evaluation Path (optional) which ensures that users are only authorized to access objects along a particular path in Organization structure or plan. If an Evaluation path is specified, Object ID needs to be specified which determines the root object for the evaluation path Or via a function module which determines the objects the users are authorized to access.
  3.     If function module (optional) is specified, the Object ID need not be specified and depending upon the logic of the function module, evaluation path may or may not be specified. The usage of Function module to determine authorized objects provides flexibility that is not available via Evaluation path.
  Hope this further clarifies your doubt.
  Regards,
  Raj

• Structural authorisation in OOQA catalog

  Hi All,
  I have 3 groups of trainings in qualifications catalog such as Regulatory, soft shills and IT training and we have to give Regulatory group access to regulatory qualifications only and soft skills folks can access and maintain only soft skills qualifications and vice versa So i am not sure from authorisation point how do i control each group of qualifications. Any inputs are appreciated,
  Thanks

  Hello Medha
  I think you'd be able to restrict using authorization object PLOG (for personnel planning). Maintain value interval for object type QK (denoting your 3 different qualification groups) . So if 'Soft skills' person needs to edit/access only the 'soft skills QK/Q' objects , restrict using QK object ID in the value interval for PLOG authorization object.
  Another way to restrict maintenance via ESS is using the 'root qualification group' setting in IMG (PA-PD-ESS)
  Hope this helps u
  Reema

• How to apply Structural Authorisations for Report

  Hi All,
  We are using structural authorisations in our project and it is working fine for all processes. But we are facing problem for reports.
  Kindly guide on How to apply structural authorisations to SAP Standard Reports and Custom reports.
  Thanks & Regards,
  Prashant

  Hi Prashant,
  Yeah LDB is a good way of implementing Structural auth. Apart from that you can assign the Authorization Group in the Z-report attribute. So users who are part of this group only can access this report. This also applies to the standard reports as they are already assgned to standard Authorization Groups.
  Br/Manas

• ITunes purchased when restored from back-up wants me to authorise each one

  Original pc 'died' - hard disk error but I managed to back-up my ITunes libraries to an external drive. I have copied the contents to my new laptop but they are not appearing on my ITunes library (similar to HUGGYUK previous problem). When I attempt to play the music which I had already paid Apple for on my old pc, it keeps asking me to 'authorise' each item. I then attempt to sign in and it does not recognise my sign-in although I can use this sign-in to access the ITunes store. So I now have 'bought and paid for' 1100 records approx which I cannot use.
  Help,please

  Taking the first issue. If you copied the iTunes folder from your old PC onto the external disk, and you had all your tracks in the iTunes Media folder in the iTunes folder, then it should be very simple.
  In order to check if things will work - that is to say this is a test not the answer.
  Plug in your external drive. Then hold down the shift key and start iTunes. Keep holding the shift key until you are prompted to choose a library. Navigate to the iTunes folder on the external drive and choose iTunes Library.itl.
  If you do this, do you get your old library back as it was on the old PC?
  You can switch back to your internal drive again by repeating the shift key start and choosing iTunes Library.itl in the iTunes folder on the internal drive.
  On the authorisation issue, did you try the things I suggest adn if so what was the result?
  Tracks bough from the iTunes store some time ago were DRM protected so the PC needs to be authorised to play them. The tracks will be Protected AAC files if you look on the general tab in Get Info and the files will have the extension .m4p.
  More recent purchases are not DRM protected and will show as Purchased AAC audio file.

• Want to print the whole month with or without overtime for each employee

  Hi,
  I have Oracle forms/reports10g R2, Below query returns employee overtime correctly but I want to add the whole month with it in simple words if one employee have overtime for five days in a month I want the query to return the whole month including five overtime days for each employee and let say if we have ten employees query return whole month for each employee either he have or overtime or not how can I implement this in report it becomes agony for me, anyone please suggest a solution.
  Thanks and regards, Khawar.
  ---Query---
  select o.ot_date , o.start_dt_time as start_time, o.end_dt_time as end_time, o.ot_details, et.holiday, et.staff_id, e.staff_name, e.desig
  from overtime o, emp_ot et, employee e
  where o.complain_no = et.complain_no
  and o.inc_type_code = et.inc_type_code
  and et.staff_id = e.staff_id
  order by 1, 2, 3, e.staff_id

  Hi Michael,
  Thanks for reply, I think I didn't explain as I should, I want to print Overtime report for each employee let say employee A123 did overtime for five days in DEC than what I want is to print report for employee A123 for the whole month means when I print report blank cell should come where A123 don't have data (I mean other 25/26 days).
  The structure of tables are as
  SQL> desc overtime
  Name Null? Type
  COMPLAIN_NO NOT NULL NUMBER(5)
  OT_DATE NOT NULL DATE
  START_DT_TIME NOT NULL DATE
  INC_REF_NO NUMBER(5)
  END_DT_TIME NOT NULL DATE
  INC_TYPE_CODE NOT NULL VARCHAR2(10)
  DISTRICT_CODE VARCHAR2(6)
  BUSBAR_VOL VARCHAR2(5)
  OT_DETAILS VARCHAR2(2000)
  SQL> desc EMP_OT
  Name Null? Type
  STAFF_ID NOT NULL VARCHAR2(8)
  COMPLAIN_NO NOT NULL NUMBER(5)
  INC_TYPE_CODE NOT NULL VARCHAR2(10)
  HOLIDAY NUMBER
  Each employee associated with primary key i.e COMPLAIN_NO and INC_TYPE_CODE
  in each OVERTIME table record we may have more than one employee in EMP_OT table.
  above detail may clear my query.
  Thanks and Regards,
  Khawar.