Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to create HR records (with subtype)

Former Member
0 Kudos

Hi Experts,

I've implemented Structural Authorization and developed HR maintenance role with the following details :

Auth Object: P_ORGINCON

AUTHC M, R, W

INFTY 0006 (and others)

PERSA *

PERSG *

PERSK *

PROFL ZHR*

SUBTY *

VDSK *

Auth Object: P_PERNR

AUTHC M,R, W

INFT 0006 (and others)

PSIGN I

SUBTY *

This role and auth profile ZHR-xxxxx has been granted to the Test ID accordingly.

Lets take IT0006 as an example - I try to create new record with subtype 01 but keep getting below notification:

"No authorization to maintain Addresses 01 exists"

I've tried SU53 and ON the trace to identify the missing piece but what I'm getting is not relevant e.g. AUTHC = S.

Where did I go wrong - appreciate you guys could help me on this. Thank you.

Regards

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Heya,

Have you tried testing the structural profile? Does that allow maintenance of the selected employee? You can use tcode RE_RHAUTH00 to display structural access of the test-id.

Another thing to try might be to separate infotype 0006 from the P_ORGINCON to own object and list also subtypes user should be allowed to maintain. Include also dummy subtype ' ' to the subtype list to allow use of overview button in PA30.

Regards,

Saku

9 REPLIES 9

Former Member
0 Kudos

Hi,

Are you using PA30 to create the IT0006 record or is it via some custom program?

AUTH= S is also relevant to Write access for master data but this is based on symmetric double verification principle meaning two users are always required to create or change the infotype record instead of complete write access to any particular user (AUTHC= W or *). The users have the same authorizations assigned and hence the process is called symmetrical.

Thanks

Sandipan

Former Member
0 Kudos

Heya,

Have you tried testing the structural profile? Does that allow maintenance of the selected employee? You can use tcode RE_RHAUTH00 to display structural access of the test-id.

Another thing to try might be to separate infotype 0006 from the P_ORGINCON to own object and list also subtypes user should be allowed to maintain. Include also dummy subtype ' ' to the subtype list to allow use of overview button in PA30.

Regards,

Saku

0 Kudos

Hi Guys,

First of all, thanks for your feedback.

@ Sandipan,

Sorry for not making my scenario clear enough. Iu2019m trying to create records via PA30 and not intend to implement the double verification principle. Thus, AUTHC = S in this case is not relevant and giving * might giving them extra access to play with the lock/unlock features (please correct me if Iu2019m wrong).

@ Saku,

Iu2019ve tested the structural profile, but not sure if I do it correctly. However, based on the report generated using RE_RHAUTH00, it allows access to the said Person (P). Appreciate if you could advice on how can I ensure the Authorization Profile is really working fine. Below is how the profile is configured in OOSP:

Auth profile No. Plan Obj. Object ID Maint. Eval Status

Vers. Type Path Vec

ZHR-xxxxxx 1 01 O 12345678 [ ] O_S_P 12

Iu2019ve also tried to separate the infotype from the other infotypes and specified the subtype accordingly, but the test results are the same. I believe it must have something to do with the structural profile. Actually I copied the profile from my previous project which works fine u2013 however not sure if there is any configuration that Iu2019ve missed this time.

Appreciate your helps in this matter. Regards.

0 Kudos

>

> @ Saku,

> Iu2019ve tested the structural profile, but not sure if I do it correctly. However, based on the report generated using RE_RHAUTH00, it allows access to the said Person (P). Appreciate if you could advice on how can I ensure the Authorization Profile is really working fine. Below is how the profile is configured in OOSP:

>

> Auth profile No. Plan Obj. Object ID Maint. Eval Status

> Vers. Type Path Vec

>

> ZHR-xxxxxx 1 01 O 12345678 [ ] O_S_P 12

> Appreciate your helps in this matter. Regards.

Hi,

The maintenance tick box seems to be emtpy. I assume your result is something like this for the employee you are trying to maintain:

01 P 123 01.06.2009 31.12.9999 [ ] ZHR-xxxxxx

If you add tick to maint. path in the structural profile you should also see the tick on the results and that should allow you then maintenance of the master data ie.

Auth profile No. Plan Obj. Object ID Maint. Eval Status

Vers. Type Path Vec

ZHR-xxxxxx 1 01 O 12345678 [X] O_S_P 12

Regards,

Saku

0 Kudos

Hi Saku,

I've ticked the maintenance box in OOSP for the said Auth Profile and save the changes accordingly. However, same error message occur. Please help

Regards

0 Kudos

Did you also try running the reports RHBAUS00 and RHBAUS02 after updating the Structural profiles? Please give it a try since these will refresh the structural buffering in INDX.

Thanks

Sandipan

0 Kudos

Hi,

Try what Sandipan suggested (refreshing the buffers). If that does not change it all I can think is left is time logic. Check the time constraint and access. auth of infotypes (SM30: V_T582A and subtypes (V_T591A). Then compare with you authorisations (P_ORGINCON values and infotype 0001 of the test employee).

I would maybe try to isolate the problem first by giving structural profile ALL to the employee and then modifying P_ORGINCON (PROFL field *). If that fixes the issue we know it is because of structural profile.

If that does not fix the issue then I would try giving P_ORGINCON with * values. If that does not fix the issue I would assume that the employee is in default position (99999999) and then we need to start changing authorisation switches. That would happen in tcode OOAC. There check the descriptions and values of AUTSW DFCON and ORGPD specifically.

Regards,

Saku

0 Kudos

Hi Saku,

Thanks for your advice - it is definitely due to Auhtorization profile - incorrect evaluation path I guess. I'm still looking for the correct evaluation path that can control by specifying the Obj Type/ID O in OOSP. Evaluation path tested so far: O-S-P, O-O-S-P and O_S_P but none of these allows me to create new record directly via PA30.

The weird thing is, I manage to maintain the existing record with the following steps :

PA30 > select IT0006 > select Overview > click Edit button > edit records > save.

Still looking for the root cause, appreciate your input and thoughts. TQVM

0 Kudos

Hi All,

False alarm - no issue at all. Just to share that I've overlooked the effective date (future dated at that point of time). I'm not able to create records for the affected employee because the authorization will only be granted on the day the employee join the organization unit specified in the profile.

Best Regards.