Show TOC

 Special Processing of the Authorization Check in Reporting (Master Data)

Problem Description

The SAPDBPNP and SAPDBPAP logical databases are used in many reports. In these reports, they provide certain generic functions such as selection and the authorization check.

If there is no authorization for data selected on a personnel number, the logical databases cannot determine what the optimal response to the special request is.

As long as nothing to the contrary is determined in the code, personnel numbers for which all data records except one can be accessed by users are completely skipped.

Examples

  1. A report that should output only address data can continue to run using partial data of a personnel number.

  2. A report that runs evaluations by personnel number generally works best if it can read all the data requested on the personnel number concerned.

  3. A report that generates a set of statistics yields a correct result only if all selected personnel numbers are processed by the system

Solution

You can use the following procedures if you want to change the behavior of the SAPDBPNP logical database:

  1. You can program the logical database not to skip personnel numbers. The data is, nevertheless, only made available to the relevant reports for the authorization check There is no direct way to access the data that was not read by the authorization check. This procedure is meaningful for the first example, but not for the other two examples. The relevant report implements the setting as follows:

  2. INITIALIZATION.

    PNP_SW_SKIP_PERNR = 'N'.

  3. It is conceivable in examples 2 and 3 that the evaluation would be possible for a certain period but not for a longer selection period. Normally, the logical database always selects all the data of an infotype and checks the authorization. If you want the system to read and check only the data of the selection period, you can use the RP_SET_DATA_INTERVALL macro (for the START-OF-SELECTION period) for this.

  4. The data is not requested immediately (addition MODE N for the INFOTYPES statement) and is checked by the report itself. The report uses the HR_READ_INFOTYP and/or the HR_CHECK_AUTHORITY_INFTY function modules from the HRAC group to check the data and decides itself how to react to missing authorizations.

Note Note

Procedures 1 and 2 are available for SAPDBPNP and are not supported by SAPDBPAP. Procedure 3 is always available. Procedure 3 is the only way of solving problems with the authorization check if a report requires only one subtype of an infotype and if users should not be able to access the other subtypes of the infotype.

End of the note.