cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to prevent access to payroll area through auth. object : P_PCR

former_member270360
Participant

on ‎01-18-2010 5:26 PM

0 Kudos

Dears,

Whenever an HR user has only authority to one specific payroll area through authorization object P_PCR (authorization field ABRKS), he still can change the payroll area field to another value for which he is not authorized, through transaction PA30, after entering the personnel number and the info type number (0001 = Organizational Assignment), and pressing the Change (F6)' button.

Could someone please give a hint about what could be missing ?

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-18-2010 6:07 PM
0 Kudos

Hi,

Te be precise object P_PCR grants access to payroll control record via PA03.

It doesn't control access to IT0001 via transaction PA30. To restrict this access you should use object P_ORGIN and field VDSK1 that can be defaulted to payroll area via feature VDSK1.

Cheers

Show replies
Show replies
former_member270360
Participant
‎01-18-2010 6:15 PM
0 Kudos

Dear semvladigo,

Thank you for your reply.

I did resort to configuring field VCSK1 in authorization object P_ORGIN, using SAP formal & non-formal documentation, but none of my trials were successful.

I would be grateful if you could guide me to the steps for doing so.

Thanks.

Reda

Former Member
‎01-19-2010 12:47 PM
0 Kudos

Hi,

When you set up rule for VDSK1 it doesn't change data in IT0001. When object P_ORGIN check access it refers to IT0001.

So if you are in a project mode then every new record in IT0001 will have value according with feature VDSK1 configuration. If you are in support mode you have to update this field in IT0001.

Just try to create new record / change existing one, pay attention to value in field "Org.key" (it should change to payroll area) and then try to test your security role.

Cheers

Ask a Question