Skip to Content
avatar image
Former Member

Default Authorization object P_ABAP for PA20

Dear colleagues!

After SP implementation roles wer—É adjusted and new authorization check for P_ABAP was added for transaction PA* (PA20, PA30...).

Where is hr-reporting checks in these transactions? It's critical for personnel data maintenance or used only for sub-menu reports?

Trace for PA20 shows the following values for P_ABAP check (PA20-Goto-Planning Data-...):

P_ABAP RC=12 REPID=SAPMP50A;COARS=2;

P_ABAP RC=12 REPID=SAPDBPNP;COARS=2;

SAP Release ERP 6.0 EHP4 (10 stack)

Regards,

A.M.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Dec 27, 2011 at 02:54 PM

    Hi,

    The values mentioned for P_ABAP here is not necessary to be added in a role. SAPDBPNP is a logical database and providing P_ABAP with degree of simplification (COARS) = 2 is very dangerous, as it will bypass any authorization check while executing reports related to that logical database.

    Providing such values will disturb your entire authorization design as even though you might restrict an user on few Infotypes in P_ORGINCON, but with this value, it actually bypasses any report using this logical database to check for Infotype authorization or structural auth restriction.

    To suggest a possible solution, I would like to know exact activities intended to be done with PA20 and level to access provided in P_ORGINCON. Please can you share that here?

    Thanks,

    Deb

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 01, 2012 at 06:06 AM

    Dear AM,

    If you analyze SU24 for the tcode PA20, you will find the that SAP proposed P_ABAP though it's in no-check status.

    So there are some functionality within the PA20 for which P_ABAP is checked.

    The scenario, you have mentioned is basically running some reports and therefore system is cheking P_ABAP.

    As Debmalya mentioned it's dangerous to maintain value 2 since it bypasses standard infotype check. So maintain accordingly.

    Thanks

    Aktar

    Add comment
    10|10000 characters needed characters exceeded