04-21-2008 5:58 PM
Hi there,
We have restricted CAT2 using the P_PERNR auth object (after switching PERNR on in OOAC) for our Portal implementation. One of our controls for Employee Portal time entry is that employees can only enter time up to 2 weeks in advance at most.
This is set in the SU01 user parameter CVR with our custom data entry profile set. However, if the user logs into SAP GUI and runs CAT2 they are able to select a different data entry profile and thus enter time 3 weeks or 3 years in advance.
Is there any way to control access to the data entry profile within CAT2
Thanks!
04-21-2008 6:34 PM
John,
Yes, there is a way to do this. It is controlled in authorization object P_PERNR or P_ORGIN (depending on other requirements) via Infotype 0316. For the Subtype of 0316 you enter the authorization groups you want to allow for the CATS Data Entry Profiles. When you configure the Data Entry Profiles, you should see a field for assigning an Authorization Group. If I remember correctly, you can enter this in freeform -- i.e., make one up and assign it -- and then use that same value in the authorization profile for infotype 0316.
--Matt
04-21-2008 6:34 PM
John,
Yes, there is a way to do this. It is controlled in authorization object P_PERNR or P_ORGIN (depending on other requirements) via Infotype 0316. For the Subtype of 0316 you enter the authorization groups you want to allow for the CATS Data Entry Profiles. When you configure the Data Entry Profiles, you should see a field for assigning an Authorization Group. If I remember correctly, you can enter this in freeform -- i.e., make one up and assign it -- and then use that same value in the authorization profile for infotype 0316.
--Matt