cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authority Objects to read HR FM BAPI_ORGUNITEXT_DATA_GET

Go to solution
Former Member

on ‎09-20-2008 12:44 AM

0 Kudos

Hello gurus,

i want to run only FM BAPI_ORGUNITEXT_DATA_GET through a SAP User ID, i assigned some Authority Objects to it but its not returining anything if i run it through other user using same parameters its showing me the data. i assigned S_DEVELOP the FM and Function group of the FM, it has access to all the infotypes P_ORGIN-all, S_DEVELOP - All tables, P_PERNR - all, S_RFC-the selected FUGR and SYST function group, P_ABAP -all.

Do you guys think i am still missing something, to view the FM output.

In the same user I am getting output from FM BAPI_EMPLOYEE_GETDATA. using these objects.

NOTE: the user dont have any other objects assigned to it, apart from the specified here. (Though i assigned se37 for testing purpose).

i will really appreciate your reply on the same.

thanks in advance

Mani

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-20-2008 10:44 AM
0 Kudos

You probably need auth. object PLOGI for infotype 1000 and possibly 1002.

Hope this helps.

Kirsten

Show replies
Show replies
Former Member
‎09-20-2008 10:48 PM
0 Kudos

Hello Kibo,

You probably need auth. object PLOGI for infotype 1000 and possibly 1002.

--Did you mean PLOG? or PLOGI?

and do you think i need to assign to in tcode OOAC or OOAB too.

Can you tell me what are the Objects i need to use to assign say Infotype 1000 and 1002 to a role XYZ ( Ultimatly user).

that would be very usefull.

thanks

Mani

Former Member
‎09-20-2008 11:32 PM
0 Kudos

Sorry - meant PLOG. I haven't checked the FM in any depths, but you if you pass object type O to the FM, this is the object type you will need to assign.

The PLOG could look like this:

Infotype 1000, 1002 (you could put * here)

Planning status 1 (presuming this is what you use)

Object type O

Plan version 01 (or whatever is your active plan version)

Function code DISP, LISD (assuming you only want to see)

Subtype *

You may need other obejct types in the authorization object. If you use structural authorizations, they have to be in place as well. Consider that the authorization object defines what data your are allowed to read. Structural Authorizations decides where in the org.structure you can read those data.

Your best way forward may be to got to SE37 and test the FM. Then directly after (if it fails to deliver) go to SU53 and check the authorizations.

No - you should not have to assign the transaction codes.

Hope this helps.

I may have misunderstood the usage of the FM. I am basing my answer on the fact that it reads OM.

Former Member
‎09-22-2008 12:38 AM
0 Kudos

Hello Kibo,

thanks a lot for prompt reply, i will give it a try tomorrow morning.

i have one question PLOG has some dependency on Structural Authorization if you can put some clear light on the same.

thanks

Former Member
‎09-22-2008 2:08 PM
0 Kudos

I am not sure if I understand your question, but will give it a try:

PLOG is an authorization object. It tells you what data a user can access. Eg. in my example he can read Organizational units. It is not dependent on structural authorizations. So if no struc.auth. is implemented, the user can read all organizational units in the entire client.

If you implement structural authorizations and eg. say that user 1 can only read from org.unit A down, then user 1 can only read organizational units in the org.tree from A downwards.

Structural authorizations in this way narrow the objects you can read.

But structural authorizations will never let you read data itself. For this you need PLOG and other authorization objects.

Kirsten

Answers (1)

Answers (1)

former_member181966
Active Contributor
‎09-22-2008 2:52 PM
0 Kudos

What "SU53" say ? Post it ..

^ Saquib

Show replies
Show replies
Former Member
‎09-22-2008 4:34 PM
0 Kudos

Well SU53 wont give you the HR security ralated failure, i dont konow how to check HR authorization failure check like in r/3 we an check in su53. any commen would be appreciated.

Former Member
‎09-22-2008 5:10 PM
0 Kudos

Mandy,

Are you still having trouble with the FM?

I assume you are using this from another system (since it is a BAPI FM).

Is your problem that you don't know how to check this in R/3 or could you be a little more specific?

There is also an way to trace the authorizations. Talk to your security people. Are you sure you are having a security issue with Authorization Objects? Do you get any result if you run the FM from SE37? (You can test it there with all the parameters you call it with).

Kirsten

former_member181966
Active Contributor
‎09-22-2008 5:17 PM
0 Kudos

Look at t-codes "S_ALR_87101279" and "St01 "

^ Saquib

Ask a Question