cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP_ALL authorization issue with ESS/MSS user id’s

Go to solution
Former Member

on ‎10-30-2014 6:49 AM

0 Kudos

Dear Guru's,

Inour production system we maintained the standard roles as "SAP_ALL" and "SAP_New" for all the ESS/MSS user id’s the backend(R/3) system, then only able to view all the data. in case we didn’t maintained the same roles we are facing some error.

Please help us to resolve this issue as early as possible. We are facing this issue in live system.

Highly appreciated for quick reply

Regards,

Seenu

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member182426
Active Contributor
‎10-30-2014 8:48 AM
0 Kudos

You shouldn't assign SAP_ALL / SAP_NEW.

There is some standard roles delivered by SAP for ESS, which you can copy to Z and modify and generate it. This role you can assign to all ESS users.

Standard Composite role

SAP_EMPLOYEE_ESS_WDA_1 Employee Self-Service Composite Role

Single Role

SAP_EMPLOYEE_XX_ESS_WDA_1  This you can copy to Z and assign to all ESS users if your implementing for international countries.

For specific country, search as SAP_EMPLOYEE*ESS_WDA* it will list out all single ESS roles, copy the role based on your implementation country and generate it.

And the other 2 errors, it clearly says that the custom payslip does not exist. Check with your team that object ZPAYSLIP_TEST_2 is moved to PRD system or not.

And WDABAP application ZWD_ESS_ATT_REG is giving dump because of missing infotype 0001 data.

check with your technical team for above 2 errors.

Show replies
Show replies
Former Member
‎10-30-2014 9:08 AM
0 Kudos


Hi Shankar,

Thanks for reply,

Please help me on below points

My Implementation country is "India", for india what is the ESS & MSS Composite Role?

Thanks,

Sreenu

Former Member
‎10-30-2014 9:13 AM
0 Kudos

this is the role SAP_EMPLOYEE_ESS_WDA_1  and check below:-

Composite Role Employee Self-Service (WDA) - Business Package for Employee Self-Service (WDA) 1.50 -...

former_member182426
Active Contributor
‎10-30-2014 10:39 AM
0 Kudos

If your at EHP5, then you can copy the standard composite role SAP_EMPLOYEE_ESS_WDA_1 to Z.

If your at EHP6, then you can copy the standard composite role SAP_EMPLOYEE_ESS_WDA_2 to Z.

After copying, Except below roles remove all other roles in your copied Z composite role.

  

SAP_ASR_EMPLOYEE_SR_HCM_CI_3ESS Single Role
  for HCM P&F Services
SAP_EMPLOYEE_IN_ESS_WDA_1ESS Single Role for
  India
SAP_EMPLOYEE_OTH_ESS_WDA_1ESS Single Role
  Containing Non-EA-HR Services
SAP_EMPLOYEE_XX_ESS_WDA_1ESS International
  Single Role
SAP_FI_TV_WEB_ESS_TRAVELERESS Single Role for
  the Traveler
SAP_PM_EMPLOYEE_HCM_CI_1ESS Single Role for
  HCM PM Services
SAP_TMC_EMPLOYEEEmployee in Talent
  Management
Former Member
‎10-30-2014 12:47 PM
0 Kudos

Hi Shankar,

Thanks so much for your support,

I have tested one user in portal with standard roles SAP_EMPLOYEE_ESS_WDA_1 & SAP_EMPLOYEE_IN_ESS_WDA_1) same error repeating.

Please give some other solution.

Regards,

Srinivas Reddy

Colleen
Advisor
Advisor
‎10-30-2014 1:25 PM
0 Kudos

I'm confused...how has either of those error messages given you the impression that your problem is related to authorisations?

Also, did you do any testing before migrating your change to production?

former_member182426
Active Contributor
‎10-30-2014 1:28 PM
0 Kudos

Same error means  ? is that attached screen shots errors in your first thread ?

OR Your not able to view data any thing in any services ?

Former Member
‎10-30-2014 1:34 PM
0 Kudos


 

Hi Shankar,

Yes, that attached screen shots errors only repeating.

Regards,

Srinivas Reddy

Former Member
‎10-30-2014 1:48 PM
0 Kudos

Hi Lee,

Yes my problem with roles authorization, in project implementation the implementation team given the SAP_ALL & SAP_NEW roles to all ESS&MSS users portal worked fine but it is not correct we find after the team left in audit.

I have no much idea about authorization so looking for someone hands in my issue.

Regards,

Srinivas reddy

Colleen
Advisor
Advisor
‎10-30-2014 1:54 PM
0 Kudos

Your screen shots do not say this

if your issue is security read up on p_orgin and p_pernr authorisations to get you started. After that you might need to look a concept called structural authorisations with object p_orgincon

that  is concerning that the implementation project managed to do that. Sadly, it's not surprising.

former_member182426
Active Contributor
‎10-31-2014 4:38 AM
0 Kudos

You have to be clear on 2 points.

1 ) Authorizations : After assigning the role  SAP_EMPLOYEE_ESS_WDA_1 OR SAP_EMPLOYEE_ESS_WDA_2

Did you check the personal information service/ Leave Request / Leave Overview etc services , is it displaying the employee data or not

If it's displaying authorizations are fine. There is no issue in this.

2) And coming to that 2 error screen shots:

ZPAYSLIP_TEST_2 form object is not moved to PRD so your getting this error. You can test this in DEV and QAS system and make it's working there or not.

And WDABAP application ZWD_ESS_ATT_REG is giving dump because of missing infotype 0001 data. It's trying to validate with some field from IT 0001. You can take technical consultant help and find it out.


Former Member
‎10-31-2014 5:50 AM
0 Kudos

Hi Shankar,

Thanks for your support,

If I assign the role SAP_EMPLOYEE_ESS_WDA_1 I didn’t find any difference.

I have removed SAP_ALL,SAP_NEW & SAP_EMPLOYEE_ESS_WDA_1 and tested then also system working some services like below

Point :1 some services woking fine like below

A. Employee search (Working fine)

B. custom Leave application (Working fine)

C. Custom Attendance regularization ( not working)

D. Pay slip (not working )

E. Personalinformation (Personal ID only notworking & reaming           Srvicesare working example: address, Bank details, personal data….)

      

Point :2 It happening in PRD server so the respective data is available.

Regards,

Srinvas Reddy

former_member182426
Active Contributor
‎10-31-2014 6:07 AM
0 Kudos 


A. Employee search (Working fine)


B. custom Leave application (Working fine)


E. Personalinformation (Personal ID only notworking & reaming           Srvicesare working example: address, Bank details, personal data….)

It means there is no issue in authorizations. For personal id's check in ECC side is maintained or not. Other wise you can maintain it from portal application itself.

Your using which version of SAP ECC and EHP ?



C. Custom Attendance regularization ( not working)


D. Pay slip (not working )

Only your having issues in custom applications objects as I described in previous post point 2 , you need to take help of your functional and technical resource to look in to this.

First check these services in DEV and QAS portal systems. if it's working fine in both systems then those objects related transport requests you need get it import to PRD system from your SAP basis team.

Former Member
‎10-31-2014 6:36 AM
0 Kudos

Hi Shankar,

Plz check the Bellow screen short regarding Personal ID

I think it authorization issue only the data has maintained in backend
& when I give the role SAP_ALL to user then only data displaying

 

Can I get your personal mail for personalsupport.

My mail id: sree.max01@gmail.com

former_member182426
Active Contributor
‎10-31-2014 6:47 AM
0 Kudos

this is ok, in  SAP_EMPLOYEE_XX_ESS_WDA_1 role you have to add the infotype 0185 in authorization object P_ORGIN

then this issue will solve. ask your basis team to change the role and generate it.

Answers (1)

Answers (1)

Former Member
‎10-31-2014 5:41 AM
0 Kudos

Dear

Standard composite Roles R3 ESS:

SAP_EMPLOYEE_ERP

SAP_EMPLOYEE_ERP05

Standard Roles R3 MSS:

They all start with SAP_MSS. There is no standard composite Role here.

Standard ESS Portal Role:

pcd:portal_content/com.sap.pct/every_user/com.sap.pct.erp.ess.bp_folder/com.sap.pct.erp.ess.roles/com.sap.pct.erp.ess.employee_self_service

Standard MSS Portal Role:

pcd:portal_content/com.sap.pct/line_manager/com.sap.pct.erp.mss.bp_folder/com.sap.pct.erp.mss.roles/com.sap.pct.erp.mss.manager_self_service

If there is anything you want to do in detail, please provide more specific requirements.

u2022     1129412 - ESS: Authorizations and roles for WD services in ERP EHP3

u2022     1054355 - MSS: Authorizations & roles for WD services in SAP ERP PS-FS

u2022     857431 - ESS: Authorizations and roles for WD services in ERP 2005

u2022     844639 - MSS: Authorizations and roles for WD services in ERP 2005

u2022     754207 - PFCG: Missing authorization check with menu change

u2022     745655 - PFCG: Various errors in the authorization data maintenance

u2022     642359 - PFCG: Authorization checks in role maintenance

u2022     622632 - MSS: R/3 roles for business package MSS (My team)

612585 (New: Authorization default values for ext. services) for more information.

https://wiki.sdn.sap.com/wiki/display/ERPHCM/Howtogetridofauthorizationissues

Hope this help you.

Regards

Show replies
Show replies
Ask a Question