cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PT60/61 and No access IT0008 & IT0006 for a Time Admin user

Go to solution
omar_bradai
Explorer

on ‎02-09-2015 3:48 PM

0 Kudos

Hi Folks.

The users of these authorisations are ‘Time Administrators’ and are only responsible for maintaining information that relates to the time management for a small group of employees.

Time Administrators are not managers or part of the HR department. For example, a secretary in the Head Office may be responsible for the Time Management of a group of senior managers, that secretary should not be able to see the pay details of the managers (IT0008) or their address details (IT0006). The same principles apply in the factory, managers do not normally administer time, it is normally production line supervisors.


So when my users try to run PT60 or PT61, the abap report checks Infotype 0008 for RPTIME00 and Infotype 0006 for pt60, the user has access to PA51, I don't want it to display IT0008 and IT0006.


If I try this configuration for RPTIME00  It doasn't work.


S_TCODE = PA51, PT60


P_ABAP.

COARS = 1

REPID = RPTIME00


Istance 1

P_ORGIN

INFTY  = 0000-0007

SUBTY  = *

AUTHC  = M,R

PERSA  = G*

PERSG  = *

PERSK  = *

VDSK 1 = *


Istance 2

P_ORGIN

INFTY  = 0009-9999

SUBTY  = *

AUTHC  = M,R

PERSA  = G*

PERSG  = *

PERSK  = *

VDSK 1 = *


Istance 3

P_ORGIN

INFTY  = 0008

SUBTY  = *

AUTHC  = R

PERSA  = *

PERSG  = *

PERSK  = *

VDSK 1 = 0001TIMEXXX


P_ORGXX

INFTY  = *

SUBTY  = *

AUTHC  = *

SACHA  = *

SACHP  = *

SACHZ  = *

SBMOD  = *

When I try to run Time Eval, using EE with G* PERSA (IT0001), the rptime00 report displays 0,

SU53 display an IT0008 with * in VDSK1.


Take in account that I tried EE with and without VDSK1 in their infotype 0001.


Thanks for your help.


Omar.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

omar_bradai
Explorer
‎03-02-2015 11:33 AM
0 Kudos

Hi All,

Problem solved.

The first solution works only if you don't have the Authorization badi enhancement activated, if you decided to implement your badi you should implement and authority check code for P_ABAP coars = 1 in your contstructor method.

Best regards,

Omar

Show replies
Show replies
nova
Explorer
‎08-02-2015 4:57 AM
0 Kudos

Hello Omar,

We have a similar situation as you had, we need to give time keepers access to IT0008 in PT60, but won't give their access to IT0008 in PA20. Could you please post detail of your solution?


Your help is very much appreciated.





jagan_gunja
Active Contributor
‎08-02-2015 12:12 PM
0 Kudos

Wu

You may be able to control the access by transaction code PA20, PA30, etc. so that any maintenance is disallowed.

You may need to disallow also SE16, SE17 and any ABAP debugging.

Discuss with your Security consultant.

Best of luck

Regards, JG

nova
Explorer
‎08-02-2015 2:53 PM
0 Kudos

Here is what the user should have:

1. PT60, able to access IT0008 to do time evaluation

2. PA20 to access HR master  but not IT0008 payroll data.

Is it possible through security setting?

Thanks

omar_bradai
Explorer
‎08-10-2015 9:46 AM
0 Kudos

Hi Wu,

Yes it is possible to do this customizing, I have just a question for you.

Do have implemented the authorization Badi ? If yes this is functionality doesn't work.

If not I can give you more details.

Regards.

Omar

nova
Explorer
‎08-10-2015 1:47 PM
0 Kudos

Hi Omar,

we have not Implemented HR authorization Badi, please post the details. if file is big, please send by email to wukeqin@Hotmail.com.

thank you in advance.

Keqin Wu


.

omar_bradai
Explorer
‎08-10-2015 2:09 PM
0 Kudos

OK in this case, please use the same configuration I mentioned in this post at the beginning. Don't forget to replace P_ORGIN by P_ORGINCON if it's activated in T77S0 table.

nova
Explorer
‎08-14-2015 4:16 PM
0 Kudos

Thank you so much Omar, it works for me.

omar_bradai
Explorer
‎08-14-2015 4:33 PM
0 Kudos

Thank you 🙂

Could you please click on Correct Answer?

Thank you.

Answers (1)

Answers (1)

Former Member
‎02-09-2015 6:31 PM
0 Kudos

Hi Omar,

Provide only PT60 / PT61 in S_TCODE and I hope that until you give pa30/pa20 in this object they can't able to see Info type 0008 / 0006 and I think so that they need authorization for pa20/pa30.

Hope I am clear on your requirement.

Show replies
Show replies
omar_bradai
Explorer
‎02-10-2015 8:50 AM
0 Kudos

Hi Kedhar,

This is not solve my problem, the PA51 is also like PA20/30, I need to maitain the PA51 and also IT0008/6 but using PA51 they can display IT0008/6, something is not working fine because the solution of sap is to implement the objets as I said, it's supposed it should to work.

Thanks for your help.

Omar

Ask a Question