Skip to Content

Structural Auths, workflow and substitution


We have EP7 and ECC6. Users request leave, workflow goes to their manager and their manager approves / rejects it in the portal UWL. When they click on it in the UWL it calls a webdynpro (list of which are limited using S_SERVICE) which RFC's to ECC6.

Now the strange thing is that in the UWL you can define a substitute. They receive all of the workflows which are in your inbox. We are finding that when this is set up, the substitute can approve items, even though with structural authorisations they shouldn't be able to.

We have tested the substitute accessing pa30 for the relevant personnel record and the structural authorisations stop them accessing the personnel record.

So any ideas why it allows the substitute to approve the leave / expense requests?



Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Jul 22, 2008 at 03:34 PM

    Hi Paul,

    By the sound of it, the check is either not coded or the actual approval update is running in the context of the workflow engine, and that engine is authorized to process the approval if requested to do so.

    Either way, a solution might be to look in the org structure when a person substitutes: That way, only authorized folks can be selected as a substitute?

    Another option I have seen to deal with similar stuff, is to send a notification email to the real line manager in the org structure at the point where they (or a direct report) are cut out of the loop, as an "after-the-fact" way of controlling the substitute.



    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Paul Tomlinson


      > The e-mail is a good idea but probably not the one for this client - apparently the managers love delegating stuff!

      That sounds familiar, but they normally don't mind an email to inform about what's going on (or exceptions).

      Take a look in the record (the approved one) under which context it is. If the end user ID is the "approver", it might still be a WAPI running in the workflow context.



Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.