Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access to PA20 - conflicts

Former Member

‎10-28-2008 11:39 AM

0 Kudos

Hi

I have just created a new role that gives display access to PA20, only for Infotypes 0001, 0002, 0024 and 0041

the role works fine for a user who has only ESS access

This role gives access to all Empl Groups (e.g. EE)

Another user needs this role however he normally has access to many other HR transactions but limited to some Empl Groups (EE excluded).

That seems to cause a conflict because if he tries to display trough PA20 a Personnel Number in group EE (access granted through the new role), he doesnt get any information.

How does this transaction work exactly? How best to fix this?

Seems a complex one, hopefully I have explained enough

Thanks

Nadia

3 REPLIES 3

Former Member

‎10-28-2008 5:41 PM

0 Kudos

> 

> Hi
> I have just created a new role that gives display access to PA20, only for Infotypes 0001, 0002, 0024 and 0041
> the role works fine for a user who has only ESS access
> This role gives access to all Empl Groups (e.g. EE)

ESS are mainly services, you do not give out tcode PA20 access.

Your auth object access should just be for P_PERNR. Your trace might point to P_ORGIN, P_ORGINCON, P_ORGXXCON but you only grant access to P_PERNR.

> 
> Another user needs this role however he normally has access to many other HR transactions but limited to some Empl Groups (EE excluded). 
> That seems to cause a conflict because if he tries to display trough PA20 a Personnel Number in group EE (access granted through the new role), he doesnt get any information.

You will need a different role for this one.

Former Member
In response to Former Member

‎10-29-2008 3:16 PM

0 Kudos

John, thanks for your message

The other user has got already many other roles containing access to PA20 but only for some E groups. When he tries to access the one included in the new role, he can't display any information at all of that HR record. Only the name comes up, thats all..

so I need to identify the conflict..

Hope I made it clear

Thanks

Nadia

Former Member
In response to Former Member

‎11-04-2008 5:45 PM

0 Kudos

> 

> John, thanks for your message
> 
> The other user has got already many other roles containing access to PA20 but only for some E groups. When he tries to access the one included in the new role, he can't display any information at all of that HR record. Only the name comes up, thats all..
> 
> so I need to identify the conflict..
> 
> Hope I made it clear
> Thanks
> 
> Nadia

It looks like the user is being restricted by a PD. Remove any PDs for the user and have him test. If it works you need to isolate it to the PD causing the problem and make changes.