10-28-2008 11:39 AM
Hi
I have just created a new role that gives display access to PA20, only for Infotypes 0001, 0002, 0024 and 0041
the role works fine for a user who has only ESS access
This role gives access to all Empl Groups (e.g. EE)
Another user needs this role however he normally has access to many other HR transactions but limited to some Empl Groups (EE excluded).
That seems to cause a conflict because if he tries to display trough PA20 a Personnel Number in group EE (access granted through the new role), he doesnt get any information.
How does this transaction work exactly? How best to fix this?
Seems a complex one, hopefully I have explained enough
Thanks
Nadia
10-28-2008 5:41 PM
>
> Hi
> I have just created a new role that gives display access to PA20, only for Infotypes 0001, 0002, 0024 and 0041
> the role works fine for a user who has only ESS access
> This role gives access to all Empl Groups (e.g. EE)
ESS are mainly services, you do not give out tcode PA20 access.
Your auth object access should just be for P_PERNR. Your trace might point to P_ORGIN, P_ORGINCON, P_ORGXXCON but you only grant access to P_PERNR.
>
> Another user needs this role however he normally has access to many other HR transactions but limited to some Empl Groups (EE excluded).
> That seems to cause a conflict because if he tries to display trough PA20 a Personnel Number in group EE (access granted through the new role), he doesnt get any information.
You will need a different role for this one.
10-29-2008 3:16 PM
John, thanks for your message
The other user has got already many other roles containing access to PA20 but only for some E groups. When he tries to access the one included in the new role, he can't display any information at all of that HR record. Only the name comes up, thats all..
so I need to identify the conflict..
Hope I made it clear
Thanks
Nadia
11-04-2008 5:45 PM
>
> John, thanks for your message
>
> The other user has got already many other roles containing access to PA20 but only for some E groups. When he tries to access the one included in the new role, he can't display any information at all of that HR record. Only the name comes up, thats all..
>
> so I need to identify the conflict..
>
> Hope I made it clear
> Thanks
>
> Nadia
It looks like the user is being restricted by a PD. Remove any PDs for the user and have him test. If it works you need to isolate it to the PD causing the problem and make changes.