Hi
We are trying to do following:
A)
=======================================================================================
We are using MSS to do End of Employement actions where workflow is used to send various approvals as below
1) Manager1 fills out the fbrm to terminate his own employees
2) Manager2 who is manager of manager1 gets this form and approves the termination form
3) Central HR department gets this form for final approval and approves the form and termination completes.
In step1, Manager1 has access to his own reporting personnel via PD Profile authorization. When form is submitted to Manager2
before form gets to manager2, required authorization to approve form is being checked for Manager2(auth. for various infotype as well as personnel level
access for the peson who is being terminated)
Question: How do you trace what exact authorization Manager2 will need to approve the form ?. ST01 trace does not show anything
since manager2 is not even logged into system this point. If I assign "ALL" PD profile it works but it does not work with
any other PD profile..Why is that ?. Any Clue on finding out how exactly to trace this autorization check precisely ?.
I am working in security for 14 years and never came across something where target user authorization checked before user logged into
system.
In step2 to step3 same thing occurs....for autorization and workflow is checking authorization for Central HR dept. authorization before
it is being sent to him. How do find out what exactly being checked. Well...workflow log shows that is failed due to xyz infotype but
you keep adding access to infotype until it works..that does not apprear to be logical way of finding out the issue..
==================================================================================
B)
In MSS, Manager is tranferring his employee to different manager using MSS services.
During this process, manager1 who has active employee is sending a form to manager2 who is receiving manager for approval of tranfer form.
During this approval workflow, manager2(receiving) manager is getting no authorization error in workflow log. How do we resolve this
authorization issue ?. Logically, manager2 can't have access to employee who he is going to be hired. This point he is reporting to mananger1.
We are using PD profile authorization to have manager access to thier own people.