Training Structural Authorization vs MSS/ESS

Good day all.
We're maintaining structural authorization for Training module. The requirement is to be able local company maintain theirown training and regional training can maintain the regional training.
In OOSP we're maintaining object type L only. For the same object id we're using two evaluation path SCMCATAL and L-D-E-§.
Unfortunately when we assign certain SAP id (manager) to this structural authorization, this manager can't see his/her subordinate. It saying that "No authorization for reading data". When I remove this user from structural authorization this manager is able to see his/her subordinate.
Is there any others requirements from HR or additional (BASIS) authorization to rectify this issue?

Hi
We are maintaining structural authorization in E-learning. Thre is two departement 1 and 2 . Now for few courses are for dep-1 and few are only for dep-2 .
This structural authorization is already maintained in ESS now we migrated all the data in e-leraning now my problem is how i can use this structural authorization for E-learning as objects are same just Transaction codes and one Appraisal object is differnt.
Thanks
Waiting for reply.
Nutan

Similar Messages

  • MSS/ESS training required in Banglore

    Hello Xperts,
       I would like to get a training in MSS/ESS either in batch/Individual in short term period, my preferred location is Banglore, If any one hav idea of any institutes/personal trainers pls let me know, pls mail me to [email protected]

    you might want to ask that question over in the E-Business Suite forums, or perhaps look up 'location' on Oracle's education website at http://education.oracle.com (and remember to set your country).

  • MSS genericiview and R/3 structural authorizations

    Hi,
    I have created some iViews based on par-file "eeprofilegenericiviewtable" to display R/3-queries. In R/3 we use also structural authorizations for the managers with functional module RH_GET_MANAGER_ASSIGNMENT.
    The structural authorization is working in R/3 for a selected manager selecting a query directly from the R/3 via SQ01, but it doesn't in the iview. When the same user is viewing the "query"-iview, the message "No data selected" appears.
    When I assign the user a structural authorization without the functional module RH_GET_MANAGER_ASSIGNMENT, e.g. only with some object types, the user can retrieve data without any problem using "query"-iview.
    Probably the problem is in the functional module HR_INFO_GET_USING_QUERY used for retrieving R/3 query data from the portal and used by the iview eeprofilegenericiviewtable.
    Has anybody met a similar problem? We are using EP6.0 SP14 and SAP R/3 4.6C.
    Beata

    Hi Dwayne (and others!),
    Were facing similar problems with the error message "R3_CONNECT_FAILED". However, our difficulties are a bit strange because i only occurs on one of our two server nodes. We're running SAP EP 6.4, SP9.
    Previously, we've had problems with the maximum number of connections towards our backend system, SAP R/3. But setting the environment variable CPIC_MAX_CONV helped us.
    However, now we get the above error, but only on one of our server nodes. Do you (or anyone else) have any suggestions as to what might be wrong?
    Thanks in advance,
    Rasmus

  • Structural Authorizations with Training & Event Management

    We have implemented TEM in R/3 4.72.  We also use structural authorizations with our decentralized HR functions.  Our problem is that if a user has one of the profiles assigned, they can get all the way to booking the class and then receive an error that they have no authorization to edit attendances.  If the user has NO profile, they are able to book a class with no problems.  If I add the P-E evaluation path in the profile, it fixes the problem with booking a class, but then gives the users global access (which is what we are trying to avoid).  I know there must be a key somewhere to making this work.  If anyone knows what it is, I would appreciate finding out.
    In the profile, I have given access to objects D, E, F, G, L, R and P with the P-E and P-S-O evaluation paths (using RH_GET_MANAGER_ASSIGNMENT) function.
    Thanks.

    Hello Michelle,
    I think you could solve this issue by using Context Sensitive Authorizations. It is available from 4.7 and above.
    Regards,
    Ahmad

  • HR structural authorization

    Hello Friends,
    I am trying to get concept of HR structural authorization.  I have read the document " Structural Authorizations Step by Step, with Gotchas Too by Norm and Carl". After reading this document, what i have understood is In Structural authorization, we create PD profile eg: Manager, employee, ALL etc via transaction OOSP. And after that you assigned these profile to position via report RHPROFL0 or manually via transaction OOSB.
    But what i am not able to understand is
    1.How do this profile Manger, Employee etc will work? How do Users get authorization. What types of activities Uses are able to perform?  What type of data user will have acess to? Do users get authorization to transaction like PA20 or you still need additional role that is created via PFCG.
    2. What my understanding is Users who are in the top Hierarchal nodes or structure (eg: manager) is able to access data of employee below him. Do we still need to create roles like MSS and ESS role via transaction PFCG?
    If somebody can clarify, I will really appreciate.

    Hello Mate,
    Have a loook at this thread, this may help .
    Re: How to Restrict HR Org Structure from other Org Structures
    Regards,
    Regi

  • Need Clarification Regarding Structural Authorization

    Hi Gurus,
    When you do need to implement Structural Authorization? How do you know when you don't need it?
    I'm currently on an ECC6 implementation project and was informed that we do not need to implement it even though we are implementing the HR organization structure along with ESS and MSS.
    Your inputs are highly appreciated.

    for one it can be useful to implement structural authorizations when you want to restrict not only on the enterprise structure (e.g. personnel area, employee group etc.) but also on organizational atributes (position, org. units and the likes).
    this decision is purely based on the requirement of your company's security demands.
    as for your second question, I assume that there is a misunderstanding of terms.  HR roles as such are the same as non-HR roles in so far that they can be assigned to the user directly through SU01 or PFCG.
    the advantage of having an org. structure is that you may also assign the roles through this structure as well.  this in itself has nothing to do with whether you would want to implement structural athorizations.
    I hope to have clarified things a litlle for you.

  • Structural Authorization in e-recruiting

    Hello all
    We are implementing e-recruiting 603 ehp4 in standalone scenario. By customer requirements, the "recruiter" role was assigned to all manager therefore the standard service "Create requisition request" from MSS is not in use. So  structural authorization we need for the manager to create requisition for his position only.
    So, someone know how to perform this or tell me how to complete the table T77PR -the function module, evaluation path, object  type and so on-
    As always, thank you a lot
    Regards
    E. Ciotta

    Hello Emilio,
    Structural authorization in e-recuitng are a mess (although I have not found any official documentation which states "It won't work" and solution management says that there is no restriction sap support answers on customer request for that topic that it is not supported).
    Trouble with your requirement is when you restrict the structural authorizatuion on positions for the manager and anywhen run internal job market the manager could not access the position information on a publication if he wants to apply as internal candidate anywhere else in the company. Could get quite tricky to solve this (next to all other issues on this topic).
    If it is just about restricting the search I would exactly do this. Either per modification or by a customer development I'd restrict the search result by the structural information without actually switching on structural authorizations.
    For getting the positions you should be able by using an evaluation path for direct and indirect positions of a manager or if not available use employees under a manager. If it does not skip the positions they should be contained in the result. If not copy it and remove the skip flag (and S-P relation as it is not needed). Unfortunately I cannot say which evaluation paths are really standard as most systems I use are enhanced here.
    path should be like:
    NR    Obj.    A/B    Rel.    P    Rel. Obj.    (Descr. Info)
    10    P       B      008     *    S            (get position for employee)
    20    S       A      012     *    O            (get org.units the position is leading position)
    30    O       B      002     *    O            (get all other org.units under the org. unit assuming manager may see all levels)
    40    O       B      003     *    S            (get all "normal" related positions in org.units)  
    50    O       B      012     *    S            (get all leading org.units - could be more than in 10 as we have several org.unit levels)
    Best Regards
    Roman

  • Structural Authorization views not displaying in EP

    We are using PD profiles to allow managers in an alternative org unit to approve time in MSS for employees not in their org unit. When you log onto the Enterprise Portal in the MSS Team Overview iview the manager cannot see the employees from the other org unit defined in the structural authorization. He can only see his own employees for his org unit. However, in transaction OOSB when you click the Display Objects button you see the positions and persons that should be visible
    to the manager.  We have assigned the profile through both PO13 to the position and OOSB directly to the user. We make sure to run RHPROFL0 after assignments
    of the profiles. HR has created a custom relationship Z99 and assigned to the positions for the alternate org unit.
    We had a scenario working in our sandbox at one time but we could not reproduce this in the development system.  Any tips would be greatly appreciated.

    Hi John,
    I know SAP_ALL doesn't matter but I wanted to rule out all possibilities of any standard authorization issue to isolate the PD profiles as the real issue. 
    To answer your question, the user can see his own org unit and subordinate employees in MSS.  The manager is a chief and manages his org unit.
    A colleague of mine mentioned that there may need to be some configuration established for the iViews in question so I put it to the HR functional team to confirm the correct customization is set up in the IMG for Integration with Other mySAP.com Components > Business Packages/Functional Packages > Manager Self-Service (mySAP ERP) > Object and Data Provider.  I'll report on the status of this as well when I hear back from them.  Thanks again.

  • Structural authorization - creation of employee number in webdynpro or abap

    Hello Experts,
    We are facing some problems with the combination of structural authorizations and the creation of a new employee.
    When we use PA40 to create a new employee this does not give any problem.
    In the webdynpro we first execute a call transaction PA40 to apply infotype 0000 and 0001. This works well.
    Except that the call transaction does not set the connection between PA and OM. (so we did program this ourselves)
    In PO13 and the table HRP1001 the same relations are made as when we use PA40 in the sap gui.
    After this we do call transactions PA30 for the next infotypes.
    When we check the SU53 it gives a message: problems with structural authorizations object P (with the employeenumber) starting at 01.01.1800, enddate is empty.
    The employee is manager and connected with his userid in infotype 0105.
    We use in the structural profile the function module  RH_GET_MANAGER_ASSIGNMENT
    We checked with transaction HRHAUTH.
    User has been adjusted to the tables T77UA etc.
    We do not use workflow in this webdynpro
    We used the trace function when this was executed, but it did not give more information about missing structural authorizations.
    This issue was before on SDN (Structural authorization - creation of employee number) but unfortunally there was no solution there for the issue!
    Hope one of you can help me to find the solution!
    With kind regards,
    Rita Mensink

    Hi.
    After 2½ days of frustration I finally nailed this.
    Function group RHAC, that handles the authority checks, initially buffers a table called VIEW containing all objects available for the user. As stated earlier in this conversation, SAP handles creation of relations in HRP1001 (links PA and OM). At this point the new employee number is appended to buffered table VIEW in function group RHAC.
    When execution the PA40 activity through CALL TRANSACTION, the creation of the relations are not handled - and the same goes for updating the buffered table VIEW. The table can be updated using the function module RH_VIEW_ENTRY_INSERT from the same fundtion group:
    This example might be useful
      data: ls_view_entry type hrview,
            ls_related_object type hrobject.
      ls_view_entry-plvar = '01'.
      ls_view_entry-otype = 'P'.
      ls_view_entry-objid = lv_pernr.
      ls_view_entry-begda = '18000101'.
      ls_view_entry-endda = '99991231'.
      ls_view_entry-maint = 'X'.
      ls_related_object-plvar = '01'.
      ls_related_object-otype = 'S'.
      ls_related_object-objid = lv_ny_objid.
      call function 'RH_VIEW_ENTRY_INSERT'
        exporting
          view_entry     = ls_view_entry
          related_object = ls_related_object.
    Best regards
    Poul Steen Hansen
    Senior Technical Consultant
    EDB Consulting Group A/S, Denmark

  • BW/HR structural authorization in BI 7.0 version

    Dear experts,
    Can anyone please explain how to extract HR structural authorization from R/3 to BW 7.0, and how to configure the authorization in the BW, I hope everyone can give me a work flow.
    Thanks.

    Hi Auke, thanks for your answer.
    Changes inside the user profile are working, but deletion don't. And yes, the meaning of this is that user should not have role anymore.
    I saw help documents with some procedure using D_E_L_E_T_E user. I didn't understand. Do you know something about that? Is that maybe the right way?
    Thanks,
    Thiago

  • How To Create ABAP Code For HR Context Sensitive Structural Authorization

    Hello,
    We have created a HR Custom Program which IS NOT built off the PCH or PNP Logical Database. As a result, we need to manually create ABAP code for HR Context Sensitive Structural Authorization Check in our custom HR program. Via HR Context Sensitive Structural Authorizations, we are restricting access to personnel numbers and the underlying HRP* tables.
    Any assistance would be greatly appreciated with the identification of the SAP standard function modules (Ex. RH_STRU_AUTHORITY_CHECK, HR_CHECK_AUTHORITY_INFTY, HR_CHECK_AUTHORITY_INFTY , etc) used in HR Context Sensitive Structural Authorization Check, how they are used to control HR Structural authorization (P_ORGINCON), and some sample code.
    Thank you in advance for all your assistance,
    Ken Bowers

    Hello Ken
    You can use the interface methods IF_EX_HRPAD00AUTH_CHECK to get the same structural authorization as you can see in PA20/PA30. You need to use the methods set_org_assignment and check_authorization for this purpose. For more information you can refer to include FP50PE21 from line 237 onwards till 270.
    Regards
    Ranganath

  • SAP BI 7.0 Transport issue with HR Structural Authorization DSO

    Hi,
    I am trying to transport HR Structural Authorization DSO Objects in  BI 7.0  from Dev to QA system. The Data sources are 0PA_DS02 and 0PA_DS03. ( I am sure that there are lots of changes in Authrorization concept in BI 7.0),.
    1. Please suggest me if I need to make any changes and tests before moving these authorization objects to QA system.
    2. Also, do I need to take any pre-cautions while activating business content objects 0TCTAUTH  and 0TCTAUTH_T (Datasources look like are from 3.x) as I am getting issue with the activation of the transfer structure for these objects?
    Thanks a lot for your valuable inputs.
    Regards
    Paramesh
    Edited by: paramesh kumar on May 5, 2009 12:45 AM

    Hi Paramesh.
    You can use the DSOs 0PA_DS02 and 0PA_DS03 in BI7.0 as well. You just need to use the new generation of analysis authorizations in transaction RSECADMIN.
    You can use 0TCTAUTH and 0TCTAUTH_T in BI7.0, however we have experienced som problems with the 0TCTAUTH_T extractor, which dumped because of a poorly designed SELECT statement that was unable to cope with 10000 records. We have replaced it with a generic data source that uses table RSECTEXT directly.
    Regards,
    Lars

  • Error Occured when Applying Structural Authorizations in E-Recruitment

    Dear Experts,
    The E-Recruitment functionalities were working fine when no structural authorizations are applied. However, when structural authorizations are configured for the user on the backend SAP system (I configured structural authorizations for the user to have access to only his own department), the E-Recruitment module does not work.
    When I tried to access requisitions-> maintenace, application management->applications, etc, (i.e. when the E-Recruitment module tries to retrieve data from the backend), the the following error message occurred.
    Error when processing your request
    What has happened?
    The URL http://<hostname>:<port>/sap/bc/bsp/sap/hrrcf_start_int/application.do was not called due to an error.
    Note
    The following error text was processed in the system ABC : <b>RAISE EVENT statement nested to deep.</b> The error occurred on the application server XYZ and in the work process 0 .
    The termination type was: RABAX_STATE
    The ABAP call stack was:
    Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
    Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
    Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
    Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
    Method: GET_RECORDS_BY_DATE of program CL_HRRCF_INFOTYPE=============CP
    Method: ON_REQUISITION_UPDATE of program CL_HRRCF_REQUI_BL=============CP
    Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
    Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
    Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
    Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
    Please advice if E-Recruitment supports structural authorizations. If it does, are there additional configuration required to enable structural authorization. Kindly enlighten me on how to resolve this error. Any help will be much appreciated.

    Hello Louis,
    I implemented e-recruiting with structural authorizations for a customer and encountered exactly the same error. Anything in the e-recruiting implementation leads to this problem. When you miss some object authorizations the implementation generates an infinite callstack which results in this short dump.
    So be sure you assigned all necessary objects to recruiters and also candidates (NA, NB, NC, ND, NE, NF, BP, CP, P, Q, QK, VA, VB, VC) but this might be difficult esp. with the P object, when you use structural authorizations for other purposes, too. This usually generates problems in manager involvement (e.g. manager can't choose a recruiter to approve his requisition as he has not the structural authorization for the hr department members).
    It is also a bit strange that candidates need for example change rights for the requisition (NB) although they won't actually change it but without it the relation application->requisition, candidacy->requsition cannot be created correctly.
    Last but not least be always sure that you refreshed the authorization buffers after changing structural authorizations. They are usually switched on for better performance.
    Best regards
    Roman Weise
    PS: be aware that using structural authorizations will keep you busy for some time. we needed ~2 months to set up the system in a way that e-recruiting worked as the custoimer wanted without interfering any other productive hr component (admin, org. mgmnt., managers desktop).

  • MSS/ESS - PCR application

    Hi all,
         I'm new to the BP MSS/ESS and before make any change on WD applications, I would like to read your advices.
         We need to create a validation on PCR(everytime a PCR is submitted several Infotype fields must be checked), where should I go for these changes? Straight on STD Web Dynpro application(in this case is MSS/PCR application) or is there a t table on SIMG_SPORT customization which I can provide this validation? How would you guys proceed on this case?
    Thanks,
    André

    Hi Andre
    This is part of the J2EE setup, you need to create an HTTP setup using Visual Administrator as described in the following link
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/43/27098edb036025e10000000a422035/frameset.htm
    Thanks
    Michael

  • R/3 reports related to structural authorization

    Can anyone advise which standard reports/transcation codes in R/3 relate to structural authorization? are some better than others? I am interested in viewing allowable objects etc,.
    Thank you,
    Meghan

    Hi Jim,
    As you have mentioned you have worked a lot on structural authorizations,
    I would request you to kindly help us on the below mentioned scenerio..
    Issue : (Scenario)
    C directly reports to B, and B Reports to A.
    In the above scenario we have logged as B and did the compensation planning for C. A is the approver for the C’s compensation planning.
    As C is HOD for HR Org unit. He will submit compensation plans of his subordinates to B for approval. That means B has to have approval authorization for C’s subordinates and he should not have approval authorization for his direct reporting employees.
    In our scenario, B is able to perform the compensation planning as well as able to approve the same for his direct reporting employees. This shouldn’t happen in our process.
    How can achieve this, Please advice
    Regards
    Raghav

Maybe you are looking for