04-14-2010 7:17 AM
Dear all,
I am created role for example "A" which is authorizes to only creation of infotype for example 0002 in role "A" master data
Authorization level w,R
Infotype 0002
Personnel Area *
Employee Group *
Employee Subgroup *
Subtype *
Organizational Key *
but i am unable to understand how to give only infotype change and delete authorization to role "B"
please guide me and also what is the simple definition of ( what function in authorization in simple way )
S (write locked record; unlock if the last person to change the record is not the current user),
E (write locked record),
D ( change lock indicator )
Regards
Rayyan
04-14-2010 9:29 AM
you are talking of object P_ORGIN, I take it?
Go to tx. SU21 --> HR --> P_ORGIN --> Authorisation Level (doubleclick with mouse) --> 'Show object documentation'
The documentation is actually really good and plausible. It makes much more sense, you read it there instead of my trying to describe it here ...
04-14-2010 9:01 PM
Shahid,
There is not a way to seperate the Create/Change/Delete functionality on HR Infotypes for objects like P_ORGIN. Unfortuntally these are the limiation of SAP HR Security only using the "W" authorizaiton. At my client we had to build processes around this and ensure correct HR Master Data group was centralized for responsibity and authorizations as well as turned on audit logging for reporting.
Thanks,
Matt
04-20-2010 7:18 PM
Hi,
Review this function module with an ABAP Consultant or yourself.... (tx. se37)
- HR_READ_INFOTYPE_AUTHC_DISABLE
Hope it helps you...
--
Alexis Sánchez
SAP ABAP Development Consultant
Molen Services and Consulting, C.A.