PNP Authorisation fails
Hi,
I have a problem with pnp authorisation.
Reports with pnp logical base is not checking the role based authorisation.
eg: An employee is not authorised to view basic pay information of senior management . I have restricted authorisation based on payscale group. But get pernr is retrieving all senior management basic pay details.
Please assist. This is a production issue.
How are you applying the authorisation check on PS Group? I didn't think that was possible in the standard system (although it has been a while)?
Please post the provide/select statement which is retrieving the Basic Pay data for the employees.
Ailwyn
Hi,
Authorisation is role based. Given p_origin for infotype 8 and excluded senior management by employee sub group.
Infotypes: 0001, 0008.
get pernr.
Get pernr statement if retrieving senior management employees details in p0008 internal table. Why is that get pernr is not checking the rolebased authorisation's . Please any one help asap. Thanks
Do you use standard of specific (home written) programs ?
Does the same problem happens with standarad ones ? If not, check in your programs (or ask an abapper to do it) that the abap instruction "infotypes" is included in the code.
_________________
Piku
The key to this is probably in the retrieval from the database:
If you are using PROVIDE * FROM P0008 when retrieving the records from the infotypes then the authorisation should work.
If you are using SELECT * FROM PA0008 (for example) this bypasses all of the authorisation checks and reads the values directly from the table.
If you are using the PROVIDE then I suggest you try and run an ad-hoc query to retrieve salary amounts for these employees (this will test the authorisations).
Ailwyn