on 01-18-2010 5:26 PM
Dears,
Whenever an HR user has only authority to one specific payroll area through authorization object P_PCR (authorization field ABRKS), he still can change the payroll area field to another value for which he is not authorized, through transaction PA30, after entering the personnel number and the info type number (0001 = Organizational Assignment), and pressing the Change (F6)' button.
Could someone please give a hint about what could be missing ?
Thanks.
Hi,
Te be precise object P_PCR grants access to payroll control record via PA03.
It doesn't control access to IT0001 via transaction PA30. To restrict this access you should use object P_ORGIN and field VDSK1 that can be defaulted to payroll area via feature VDSK1.
Cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
When you set up rule for VDSK1 it doesn't change data in IT0001. When object P_ORGIN check access it refers to IT0001.
So if you are in a project mode then every new record in IT0001 will have value according with feature VDSK1 configuration. If you are in support mode you have to update this field in IT0001.
Just try to create new record / change existing one, pay attention to value in field "Org.key" (it should change to payroll area) and then try to test your security role.
Cheers
User | Count |
---|---|
104 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.