Skip to Content
author's profile photo Former Member
0
Former Member

How do I restrict PT60 Schema transaction to Personal Area?

Posted on Aug 30, 2010 at 09:24 PM 91 Views

I have tried to restrict it throgh personal area but no luck. Same with PPOME transaction even though the users have only restricted PA access but they are able to change Org structure.

I ran the trace and it shows that it checked P_ORGIN for specific Personal Area but then bypass that check and was able to update the change.

Please help!

Regards,

Zee

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

5 Answers

  • author's profile photo Rémi Corriveau
    Rémi Corriveau
    Posted on Aug 31, 2010 at 02:14 AM
    0

    Check out Structural Authorisation. Lots of documentation on the web and in SAP.

    We have that, plus the first 2 digits of the User's Name start with the 2 digits of the Personal Area.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 31, 2010 at 07:00 AM
    0

    The RPTIME00 program cannot be controlled by structural authorisations.

    Personnel area is not even a selection criterion in the PT60 transaction.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 31, 2010 at 06:46 PM
    0

    So how do I secure it? There got to be some way .

    Edited by: Zee_has on Aug 31, 2010 8:46 PM

    Add a comment
    10|10000 characters needed characters exceeded

    • Rémi Corriveau
      Aug 31, 2010 at 08:50 PM

      Each of our Personal Areas have their own Time Schema, but we have only one Payroll Schema.

      With structural authorization (and perhaps a little more on the security side), a time administrator can't do Time Evaluation of an employee in a Personal Area other than his own. The same is valid for Payroll.

  • author's profile photo Former Member
    Former Member
    Posted on Oct 12, 2010 at 04:18 AM
    0

    What about create a function via PE04 that checks the User Name that attemps to run the time schema and depending the returning value, it goes for the personal area you need?

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member
      Oct 12, 2010 at 05:41 AM

      Hi,

      (structural) authorizations for access to employees is correct, I assume

      What you might do is add an addtional PCR to the time schema.

      If the personnel area of the EE and time schema don't 'match' add an error so that further time evaluation fails.

      Or am I missing your point?

      Wilfred.

  • author's profile photo Former Member
    Former Member
    Posted on Oct 12, 2010 at 06:07 AM
    0

    Hi,

    Check object P_ABAP if the program RPTIME00 is there, if so then remove it. This can be the reason why P_ORGIN check fails.

    Cheers!

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.