Definition
Authorization object that is used during the authorization check for HR Reports.Use
This authorization object is used to:
Structure
The P_ABAP authorization object contains the following fields, which are tested during an authorization check:
Authorization Field |
Long Text |
COARS |
Degree of Simplification of the Authorization Check |
REPID |
ABAP Report Name |
More Information About the Fields
Using P_ABAP in HR Reporting:
You can use the relevant authorizations for this object to control how the objects P_ORGIN, P_ORGXX, and the customer-specific authorization object P_NNNNN are used in the specified reports to check the authorization of HR infotypes. You can also use reports to control the infotype authorization check. This can be useful for functional reasons or to improve performance at runtime of the corresponding reports.
For this object, enter the report name(s) in the
REPID field and the degree of simplification to be used for the authorization check in the COARS field.The following degrees of simplification are possible:
Note that an ABAP authorization for report SAPDBPNP with
Furthermore, note that this authorization object differs from the object S_PROGRAM (ABAP: Program Run Checks). The latter is used for general program authorization checks. In HR reports, these checks are carried out in addition to the HR infotype authorization check. HR Reporting, however, overrides the HR infotype authorization check for selected reports, with the result that the authorization checks are weakened or completely switched off.
Examples:
INFTY = 0008
SUBTY = *
AUTHC = R
VDSK1 = <Blank>
...
INFTY = <Blank>
SUBTY = <Blank>
AUTHC = <Blank>
VDSK1 = 0001TIMEXXX
...
REPID = RPTIME00
COARS = 1
A simple check is carried out for the infotype authorization check in conjunction with the RPTIME00 report (HR: Time – Time Evaluation): The system independently checks infotype, subtype, and level on the one hand, and organizational assignment (in the example, the
VDSK1 field (Organizational Key)) according to degree of simplification 1. The Basic Pay (0008) infotype can also be read in the RPTIME00 report (HR: Time – Time Evaluation).However, if the check is not in conjunction with the RPTIME00 report (HR: Time – Time Evaluation), all fields of the object P_ORGIN (HR: Master Data) are checked together. This check does not result in read authorization for the Basic Pay (0008) infotype.
Using P_ABAP to evaluate logged changes in infotype data:
Evaluations of the logged changes in infotype data are subject to infotype authorization checks. The person who starts this kind of evaluation normally has extensive infotype authorizations. In this case, it makes more sense to assign the user a global authorization using the RPUAUD00 report (Logged Changes to Information Types Data) rather than to check individual data. To do so, use an authorization for the existing object that has the value
RPUAUD00 in the REPID field (ABAP – Report Names) and the value 2 in the COARS field (Degree of Simplification).Using P_ABAP to process personal data using payment medium programs in Accounting:
The payment medium programs in Accounting specifically process extremely sensitive personal data. As an additional security measure, the system checks whether the user has a corresponding authorization for the existing object and checks whether the user is authorized to start the program. You must enter the name of the payment medium program in the
REPID field (ABAP – Report Names) and the value 2 (or *) in the COARS field (Degree of Simplification).