Skip to Content

Question regarding Auth Object P_TRAVL

Hi guys,

I'm about to murder authority object P_TRAVL, let me elaborate why:

Our designed business process for trips dictates the following:

The Traveler is allowed to read all travel objects there are (with objects I mean Requests, Expense sheets, Plans), he is furthermore allowed to create requests and plans from scratch, to alter requests and expense sheets that are in draft mode and to delete these. Once a request/report is sent for approval, or in addition to it, approved or even further settled etc, he is NOT allowed to do changes or delete anything anymore. So these are the subsequent configurations I made for the authority object P_TRAVL:

...furthermore the Traveler is allowed to create an expense reports on basis of an approved travel request after the trip has been completed. That's what the WDYN FITE_VC_PRESELECTION is predestined for. With some enhancements I got the list only to output these trips:

but, naturally, creating expense reports for it is not possible, because AUTHS W21 is not assigned 😭. If I assign W21, at the other hand, the traveller would be empowered to change approved travel requests and save them back into draft mode, i.e. revoke the business process = armageddon.

What do I do now? This circumstance gives me a paralyzing feeling....

The only thing I can think of at the moment is enhancing all possible parts of the entire FI-TV module where people can click on a button "change" of trips with status 2-1 and statically disable them; afterwards assigning W21 to the Role so this one application, where it's supposed to be possible, works...bah...

Any help is appreciated.

Cheers, Lukas

P.S. goddammit, SAP, goddammit...

P_TRAVL.JPG (24.9 kB)
p_travl_2.JPG (53.7 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Nov 22, 2012 at 09:26 PM

    Hi Lukas,

    I ran into a similar problem before with the object because users can also change the date of the expenses.

    Solution was to wrapper the API and within the wrapper control the date and status of the field.

    I interpret that to be what BAPIs are for and the standard WS and WDA are actually just demo apps in my books..  :-)

    If the business process "in the wild" wants it differently (and more stable..) the call the stable API and control it via the wrapper application.

    Not sure whether this is a widely spread best practice, but works for me.

    Cheers,

    Julius

    ps: Please add the security tag and the SOA (?) tag to this thread instead of cross-posting.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Lukas Weigelt

      Sauber!  :-)

      Now... if you really want to do this the Rolls-Royce way:

      Go to transaction SU24 and maintain P_TRAVL object for each of the two WDA applications with the correct proposal values. Then add the two WDAs via the menu of the role and on the authorizations tab select "Expert Mode" -> "Read new and merge old data". The P_TRAVL will then be automatically inserted into the role(s) with the correct values.

      Advantages are mainly, that you only need to research / troubleshoot / trace it once, and anyone in the system using the same applications for roles will automatically have the same behaviour (controlled by the authorizations) and via the where-used-list (icon of the Alps with the sun coming up) you will know (and anyone else in future as well...) where the application object is used and why it is needed by that role. It will not merge them into one instance if they are not uniquely mergable values.

      Cheers,

      Julius

  • avatar image
    Former Member
    Feb 05, 2015 at 10:24 PM

    This is how the tables turn - I have the same problem now and cannot get it to work...  so I searched and found this... LOL... ;-)

    We have activated structural authorizations and P_ORGINCON. We are using ACTEXP_APPR_LITE via NWBC to approve working times and travel expenses.

    For times the org structure works fine and the chief can see and approve times of their direct employees. All ok.

    But for travel expenses they can see and approve everyone if they are a chief and have the MMS role. The auth trace is showing that KOSTL is checked, but we dont want to control via that as the cost center hierarchy does not exactly match the org structure and the org structure seems not to be pulled for the chief to show only the trips of their direct reports.

    AUTHF seems to be the (rather complicated) solution.. but I cannot get it to work. Particularly that the org structure is used to offer only direct reports for approving the trips.

    How did you get my mentioned solution to work? Perhaps I am just getting old... ;-)

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

    • Glad things worked out for you eventually :-)

      The MMS role still needed some tweaks because personnel check = E and needed an equally complicated construct (so that managers also cannot change the status of an approved trip and pay it twice).


      Yes, we had a similar problem concerning P_TRAVL. We have ESS Users who are allowed to maintain themselves but not others (regular mortals) check=O, MSS users vice versa check=E and Power Users who also use the WDA UI and have a mix of both ESS/MSS + special structural authorization. This was quite messy to implement in a consistent manner.


      I took 200 pages of notes. Do you want them?  :-)


      Why, of course! Alternatively you can release another book of our all-time favourite series "How To XYZ in 5 easy steps" concerning FI-TV Authorizations ;-))


      Cheers, Lukas