Hi,

If auth check has to take place on payroll area with auth field VDSK1 of the auth Object P_ORGIN then VDSK1 should be linked to the payroll area. Customization might be require

or

you need to link personel area with payroll area

if you have time pls read the document

http://help.sap.com/saphelp_470/helpdata/en/17/4bba3b3bf00152e10000000a114084/frameset.htm

P_ABAp(u can by-pass the authorization) / P_PCLX (but we dont have pay roll area field)..

Thanks,

Sri

As far as I understand your issue you require 2 things.

1. You want to segregate the access to Employees by their Payroll Area.

2. You require that segregation only for transaction PC00_M99_CIPE.

As you have mentioned already P_ORGIN does not check the Payroll Area.

I would apporach that as follows.

Solution for number 1.

A new Authorisation Object is required which will allow to check the Payroll Area. That can be done in transaction SU21. If you haven't created any object class in the customer naming space before I suggest you create a new customer object class first. That is what looks like a folder and than you create in that object class a new Authorisation Object which has the field Payroll Area.

You than assign the new authorisation object to the manager roles and just give them access to their payroll area.

Solution for number 2 (enabling the new Authorisation Object).

That will require some ABAP development. However you will get away without any modification. SAP has provided a BAdI to get that working.

Lets step through that:

You will need to implement SAP BAdI Definition HRPAD00AUTH_CHECK. BAdIs can be implemented with transaction SE19.

When implementing the BAdI you must ensure that you always call the SAP standard. If we do not do that the SAP HR standard checks will not work.

Therefore when you implement the BAdI do the following.

- Create a class attribute in the implementing class of the BAdI. The attribute is a reference to the SAP standard authorisation class. The attribute should have Type : TYPE REF TO CL_HRPAD00AUTH_CHECK_STD

- Create a Class Constructor in the implementing class of the BAdI. The class constructor should now create an instance of the SAP standard authorisation class. That instance is the attribute you have declared before.

- Now you go through ALL the methods. In every method you must check first if your class attribute is not initial otherwise create an instance of the SAP standard authorisation class (That instance is the attribute you have declared before and should normally exist as result of the Class Constructor). Than you call the Interface Method of the SAP standard authorisation class. The interface method must have the same method name in comparison to the method you are working on.

- If that has been done in ALL methods SAP standard is working again.

Now the ADD ON for the new authorisation object.

- Go in METHOD IF_EX_HRPAD00AUTH_CHECK~CHECK_AUTHORIZATION of the BAdI implementation.

- After the call of the standard authorisation check at the end of the method you add your code for the new authorisation object.

- First check the SY-TCODE is equal to PC00_M99_CIPE

- now Read Infotype 0001 of the employee which is passed in the BAdI Method as import parameter.

- Call the authorisation check (use the pattern function in the ABAP editor) for your new authorisation check. You pass the payroll area of the employee which you will have retrieved in the previous step.

- check the SY-SUBRC after the authorisation check.

- if SY-SUBRC is not initial, clear the Method export parameter IS_AUTHORIZED.

Hope that helps.

Best regards

Karsten

I

Edited by: Karsten Arold on Jul 25, 2010 12:12 PM

I have created a documentation with screen shots on how to do it.

Please follow the link. http://www.mediafire.com/file/k6r4yb862w7revi/Creation of a new HR Authorisation Checks.pdf

Hi,

A combination of the following object in HR CLASS

will help you resolve the problem

HR: Master Data P_ORGIN

HR: Clusters P_PCLX

HR: Payroll Control Record P_PCR

HR: Transaction codes P_TCODE

Work with the object P_PCR it has payroll area authorization field

Payroll Area * ABRKS

Activity * ACTVT