Skip to Content
author's profile photo Former Member
Former Member

HR Failed Authorizaiton shows wrong personnel no. in SU53

Hello all:

When I run an HR report that is based on PNPCE logical database I get the list but when I green arrow back it shows ' insufficient authorization, no. skipped personnel nos.: 1'. I understand that it means I do not have org. authorization for 1 employee. But the problem is when I do SU53 it shows around 20 personnel no.s in the list of section 'Failed HR Structure Authorizations' with each having 4 records with DISP and INSEC actions. As a matter of fact I have access to all of these employees and the employee I am missing is not even in this list. I was able to figure out who I missed with binary search for the employees I ran the report for and it is just one. If I exclude that one user from my selection I can run report with no message.

I searched the SAP Notes and forum to see if this was a bug, I could not find anything.

Can somebody explain if this is normal behavior in HR authorization failure? I appreciate expert advice/input.

Thanks in advance,


Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jul 31, 2008 at 09:46 PM


    I would recommend you try ST01 auth check trace result. In case of HR, SU53 may not always help you.



    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jul 31, 2008 at 09:54 PM

    Looks like this is related to how your PD profile is pulling out the org/person information.

    Check out report RHUSERRELATIONS for your user id and compare to what you observe in SU53.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 04, 2008 at 01:24 AM

    Hi there,

    I'm more than happy to be corrected if I'm wrong, but I'm pretty sure that your SU53/ST01 results won't show the failure for your user. If you think of it as two parts for HR auths, you will first run your check for the infotype access against person/area of your business, and then you'll have an additional check for your structural authorisation.

    If you go to transaction OOSB, find the user ID you're logged on with and click on the 'info' button, you will see all the objects you have access to. I would bet that if you looked on that list, you will see all the users you have access to come up, but you won't see that single individual come up. If you need to see them, then it's a matter of reviewing your structural auths.

    Another way to check or verify this is to give the user ID 'all' in the structural auths field (if you can) or remove all entries for the user. Run the report again and your user ID should see all values - so then I'd imagine you'd re-evaluate the structural auth design and see if it's correct. (This isn't something you should keep as a permanent thing though!!)

    It is normal behaviour infact - if you had your ST01 log you should be able to trace back the check for that particular user as a pass there. Those checks work and the structural auth check is like an additional piece. If you like, go online and search for the HR authorisations security guide. This explains probably better than I could about the two checks. Unfortunately, I don't know of any trace that would be able to show the structural auth failure.

    Of course, depending on your security policies, you should probably test this out in Acceptance if you're unsure or nervous about it all.

    Good luck with it. 😊



    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.