IMPLEMENTING STRUCTURAL AUTHORIZATIONS Part 8
Structural authorization in SAP HR reports:
After all these steps you should be capable of test your structural profile to a manager in transactions as PA20, PPOSE and PTMW but you also should have noticed that when you run a report in HR, your structural profile can’t restrict the data. You still have data from all employees.
What should you do in this case?
This is actually not should you do but what should your basis do.
There is an authorization object named P_ABAP. This authorization object is responsible for authorize or not the execution of the reports in SAP. What some people don’t know is that this object has a flag which determines if a specific report (identified by the program name) has to respect or not the structural authorizations.
The field name of this flag is COARS and it has two values:
- 1. Infotype authorization independent of org. assignment: This value makes the report always respect the structural profile.
- 2. Report must be run executed without being checked: The value makes the report skip the authorization check and then he runs for all the employees (this can be used to HR professional for example).
Tips and Tricks.
- It is quite common organizations activate structural profiles and forget that some Z’s can’t be restricted. In these cases, some functions can help ABAPs skips the authorization check.
These function names are RH_AUTHORITY_CHECK_OFF and RH_AUTHORITY_CHECK_ON.
The most important is that you must remember of always set the authority check again at the end of the method.
As this one, there is another function module specific to turn off and turn on the structural authorizations. One ABAP programmer can easily find those functions.
Previous document: http://scn.sap.com/docs/DOC-71579