Skip to Content
avatar image
Former Member

PA40 - no delete

How do i grant aceess to PA40, but no access to delete any actions?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Jun 18, 2010 at 03:12 PM

    Hi Vaishali,

    Below are the authorization object through which you can restrict the access of this tcode:

    PLOG

    P_ORGIN

    P_PCLX

    P_PERNR

    Check for the field" AUTHC" on above objects and restrict them accordingly. Also easier way is to give full access of this tcode to a role and assign it to the testId. Now run a trace on the testID and find out which auth. objects are getting checked while you are performing deletion activity.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Vaishali,

      The above Tcode will provide access to different infotype, you need to verity which are the info type you need to have access, you may get info from HR consultant. The Tcode will check for standard object check P_ORGIN, you can restrict the athoirsation only to display using AUTH = M,R. You may need P_ORGXX if your system is enabled for extended auth check.

      If yes above AUTH values should be added with same info type and other customizing values.

      Regards

      Arul

  • avatar image
    Former Member
    Jun 18, 2010 at 07:56 PM

    Vaish,

    You can restrict on user group

    u need to chk the user group....go o own data --> Parameters --> UGR

    or.

    Make the user unable to see list of actions in Pa40 (i.e only certain actions he need to see). if this not accomplished thru security then try to Configuration.

    Thanks,

    Sri

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Vaishali ,

      You can create 2 instances of Authorization objects P_ORGINCON and P_ORGXXCON

      In the first instance only grant access with R, M for field AUTHC with INFTY infotype 0000 (actions) with subtype *

      And in the second instance you can provide the access for all the infotypes as per your requirement.