Depending on your environment, use the Profile Generator (PFCG) to correct roles, and/or transactions SU02 (Maintain Profiles) and SU03 (Maintain Authorizations) to correct profiles and authorizations. You can check the results with the authorization info system (SUIM).
============[Human Resources General Checks]===============
[HR Admins - Are Authorized to Maintain Table T77S0] Users having this authorization can change or deactivate the use of the authorization objects P_PERNR and P_ORGIN in the HR application.
Authorization objects:
Object 1: S_TABU_DIS with DICBERCLS = PS and ACTVT = 02
Object 2: S_TCODE with TCD = SE16, SE16N, SE17, SM30, or SM31
[HR Admins - Are Authorized to Maintain Tables for Organizational Data] Users having this authorization can change the logging of infotypes and report starts. Organizational HR data tables such as T500P, T501 or T503K can also be changed.
Object 1: S_TABU_DIS with DICBERCLS = PC and ACTVT = 02
Object 2: S_TCODE with TCD = SE16, SE16N, SE17, SM30, or SM31
[HR Admins - Are Authorized to Read the Infotype Change Log] Users having this authorization can access infotype data without a specific authorization for infotypes.
Object 1: S_PROGRAM with P_GROUP = RPUAUD00 and P_ACTION = SUBMIT
Object 2: S_TCODE with TCD = SE38 or SA38 or SC38 (and all relevant parameter transactions)
Object 3: S_DEVELOP with ACTVT = 03
[HR Admins - Are Authorized to Read HR Tables with Person Related Data] Users with this authorization can read all HR tables with person-related data.
Object 1: S_TABU_DIS = PA and ACTVT = 03
Object 2: S_TCODE = SE16, SE16N, SE17, SM30, or SM31
[Users - Other Than the HR Admins - Are Authorized to Change HR Tables with Person Related Data]
Object 1: S_TABU_DIS = PA and ACTVT = 02
Object 2: S_TCODE = SE16, SE16N, SE17, SM30, or SM31
[HR Admins - Are Authorized to Maintain Client Dependent HR Customizing] Users with this authorization can change client-dependent HR customizing.
Object 1: S_TABU_DIS = PA AND PS and ACTVT = 02
Object 2: S_TCODE = SE16, SE16N, SE17, SM30, or SM31
[HR Admins - Are Authorized to Run All HR Transactions] Users with this authorization can call all HR transactions.
Object 1: S_TCODE = P*
Object 2: P_TCODE = *
[HR Admins - Have Broad Authorization on HR Reports] This authorization gives broad authorization for HR Reports. The authorization objects P_ORGIN and P_PERNR can be overruled with this authorization.
Object 1: P_ABAP with REPID = * and COARS = 2
============[Personnel Administration]===============
[HR Admins - Are Authorized to Read HR Master Data] Users with this authorization can read the HR master data.
Object 1: S_TCODE = PA20 [and all relevant parameter transactions]
Object 2: P_ORGIN with AUTHC = R
Object 3: P_ORGXX with AUTHC = R (if AUTHSW ORGXX is set to 1 in table )
[HR Admins - Are Authorized to Change Master Data without Double Verification] Users with this authorization can change master data without verification through a colleague.
Object 1: S_TCODE = PA30 [and all relevant parameter transactions]
Object 2: P_ORGIN with AUTHC = (D and (E or S)) OR W
Object 3: P_ORGXX with AUTHC = R (if AUTHSW ORGXX = 1 in table T77S0)
============[Payroll]===============
[HR Admins - Are Authorized to Read Payroll Results] Users with this authorization can read the HR payroll results.
Object 1: P_PCLX with AUTHC = 'R' and RELID = '*'
[HR Admins - Are Authorized to Maintain Personnel Calculation Schemas] Users having this authorization can maintain the HR personnel calculation schemas.
Object 1: P_TCODE with TCD = PE01
Object 2: S_TCODE with TCD = PE01
[HR Admins - Are Authorized to Release a Payroll Run] Users with this authorization can release a payroll run.
Object 1: P_TCODE with TCD = PA03
Object 2: S_TCODE with TCD = PA03
[HR Admins - Are Authorized to Delete Payroll Results] Users with this authorization can delete payroll results.
Object 1: S_TCODE = SE38, SA38, SC38 [and all relevant parameter transactions]
Object 2: S_PROGRAM with P_GROUP = RPUDEL20 and P_ACTION = SUBMIT
Object 3: S_DEVELOP with ACTVT = 03
OR
Object 1: S_TCODE = PU01 and P_TCODE = PU01 [and all relevant parameter transactions]
Object 2: P_ORGIN with AUTHC = W
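Two of the table-maintenance checks above ("Maintain Table T77S0" and "Maintain Tables for Organizational Data"), evaluated offline against an authorization export, as an added example that is not part of the original checklist. The row layout, user names, authorization instance names and the helpers grants, instance_ok and findings are assumptions made for illustration; the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample export: (user, authorization instance, object, field, from, to).
# The layout and all names are assumptions for this example, not an SAP table format.
ROWS = [
    ("HRADMIN1", "A1", "S_TABU_DIS", "DICBERCLS", "PS", ""),
    ("HRADMIN1", "A1", "S_TABU_DIS", "ACTVT", "02", ""),
    ("HRADMIN1", "A2", "S_TCODE", "TCD", "SM30", ""),
    ("CLERK1", "B1", "S_TABU_DIS", "DICBERCLS", "PS", ""),  # PS, display only
    ("CLERK1", "B1", "S_TABU_DIS", "ACTVT", "03", ""),
    ("CLERK1", "B2", "S_TABU_DIS", "DICBERCLS", "PC", ""),  # PC, change
    ("CLERK1", "B2", "S_TABU_DIS", "ACTVT", "02", ""),
    ("CLERK1", "B3", "S_TCODE", "TCD", "S*", ""),           # generic value
    ("BASIS1", "C1", "S_TABU_DIS", "DICBERCLS", "*", ""),
    ("BASIS1", "C1", "S_TABU_DIS", "ACTVT", "01", "03"),    # range 01 to 03
    ("BASIS1", "C2", "S_TCODE", "TCD", "SE16", ""),
]
TABLE_TCODES = ["SE16", "SE16N", "SE17", "SM30", "SM31"]
# Check name -> required objects; every object must be satisfied.
CHECKS = {
    "maintain_T77S0": [("S_TABU_DIS", {"DICBERCLS": ["PS"], "ACTVT": ["02"]}),
                       ("S_TCODE", {"TCD": TABLE_TCODES})],
    "maintain_org_tables": [("S_TABU_DIS", {"DICBERCLS": ["PC"], "ACTVT": ["02"]}),
                            ("S_TCODE", {"TCD": TABLE_TCODES})],
}

def grants(low, high, wanted):
    """True if a stored value (single, trailing-* pattern, or range) covers wanted."""
    if high:
        return low <= wanted <= high
    if low.endswith("*"):
        return wanted.startswith(low[:-1])
    return low == wanted

def instance_ok(fields, need):
    # Every required field must be covered by this one authorization instance.
    return all(any(grants(lo, hi, w) for lo, hi in fields.get(fld, []) for w in wants)
               for fld, wants in need.items())

def findings(rows, checks):
    # Group values per (user, instance, object): PS in one instance and
    # ACTVT 02 in another instance must not be combined into a finding.
    inst = defaultdict(lambda: defaultdict(list))
    for user, auth, obj, field, low, high in rows:
        inst[(user, auth, obj)][field].append((low, high))
    users = {key[0] for key in inst}
    return sorted((user, name) for name, objects in checks.items() for user in users
                  if all(any(u == user and o == obj and instance_ok(f, need)
                             for (u, _a, o), f in inst.items())
                         for obj, need in objects))

if __name__ == "__main__":
    for user, check in findings(ROWS, CHECKS):
        print(f"{user}: {check}")
```

CLERK1 holds DICBERCLS = PS and ACTVT = 02 only in separate authorization instances, so it is reported for the organizational tables check but not for T77S0, while BASIS1 matches both checks through the * value and the ACTVT range.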