Home TORC: The OneRoleConcept TORC and IdM SAP HCM Security SAP HCM Solutions About KNUZEN Contact Information
The standard tools for identifying authorizations errors SU53 Which authorization object was missed ST01 The trace Learn the users to report an authorization issue.
When you receive an authorization error related to SAP HCM you can identify the error with a few simple tools   SU53 is properly the most well know support tool for hunting down an authorization error. In many support organisations the end user in a SAP system will be asked for the output of SU53. This tool grants the user an indication of which authorization object the system failed with. E.g. P_ORGINCON access to infotype 0001 organizational assignment for employee subgroup U1 and structural profile PRODUCTION. The SU53 transaction will also give you an overview of those profiles you have where P_ORGINCON is included so you as supporter/ analyst can trace wether this authorization error must be corrected or because the end user simply is not granted access ”technical succes” In many incidents you will find that the authorization error is related to master data isue and in this case you will need a RCAT: Root Cause Analysis tool for identifying the error because the standard tools such as SU53 and ST01 does not grant you information of the missing master data. see also the page related to RCAT: Root CauseAnalysisTool from the OneRoleConcept tools. Before you can use this tool you need to grant the endusers access to this tool e.g. through a global basis role. If you have contact with the user mail/ phone you can grap the SU53 information yourself in SU53 there is a functionality for running it for other users and if the end user has confirmed the error to you by phone you can run the SU53 directly in the system for this user. Learn the end users to inform you about the authorization issue. For SAP HCM authorization problems one of the most imporatnt things for solving the issues is to get sufficient information related to the problem from the end users/ or super users. For solving SAP HCM authorization problems you would as a minimum need information such as : When reporting an authorization issue within SAP HCM please specify :  Who is having the problem? Specify UserID  Where do you have the issue? Is it in the portal or in the SAP GUI/ SAP system?  For which employee did you have a problem? Personnel number required.  Which transaction did you use? + if it was a report -please specify the selection variant.  Which infotype did you try to access?  Write a Oneliner or a Short description about what you tried to do . Add a  screenshot of the transaction SU53. The SU53 transaction can be runned right after you have experienced an authorization problem. Add the SU53 screen shoot so your helpdesk can see where you received the problem (If you have the problem in portal you can't run the SU53 transaction!) Right information can reduce your process time pr incident dramatical so make sure the end users / super users are proper educated and know how to create a authorization ticket with the information neededotherwise your supporters will use waist of time in gathering the information pr incident. When the problem for accessing a certain employee is based on the structural authorisations the SU53 can hand you some strange answers for which infotypes you need to have access to. Skip the infotype demand presented by SU53 and concentrate your attention on handling the structural authorisations instead. You can use the trace analysis delivered through transaction ST01. Select the USER for analysis and mark the radiobutton for authorizations. The user selection is done through General Filters. When the users has received the authorization messaged you can stop the trace and run the analysis of the trace. The analysis will show you all the authorization objects which is used and also those where you recieved the error !
1: home
2: knuzen_curriculum_vitae
3: The SAP HCM Authorization concept: The OneRoleConcept
4: RCAT: The RootCauseAnalysisTools related to the OneRoleConcept
5: contact.htm
7: Business Control with OneRoleConcept
8: The Details of the OneRoleConcept
10: The OneRoleConcept Business benefits
11: SAP HCM transit position in Om as DMZ for transfer activity
12: SAP HR structural authorization for multiple parts of the organisation.
13: LSO and PD Catalogue control
14: Knuzen Substitute/ Deputy solution for line managers
15: Enterprice, personnel and organisational structures in SAP HCM
16: sap_enterprise_structures_revisited
17: Clean up SAP Organisational Management
18: Consistency check of SAP OM and PD tables
19: SAP HCM combined with personnel development functionality
20: Optimize the System Performance with indexing structural authorizations: RHBAUS00
21: Identity management with the use of SAP HCM attributes
22: organizational_key_vdsk1
23: master_derived_composite_sap_roles.htm
24: Standard tools for identifying SAP HCM authorization issues
25: Enhance the layout of PPOME and PPOSE the organisational structure
26: Enhance the existing PD model and use it for personnel development
27: To be structural restricted or not to be... thats the question
28: Automate your SAP solution and avoid errors and business break downs
29: SAP HCM Authorizations and performance
30: design_support_organisations_1.htm
31: design_support_organisation_2.htm
32: design_support_organisation_3.htm
33: Upload Documents on your employees
34: Upload Documents on your employees
35: Upload Documents on your employees
36: The role assignment can be used for compliance check and license control.
37: Upload Documents on your employees
38: Upload Documents on your employees
39: Upload Documents on your employees
40: Upload Documents on your employees
41: Data Model for E-ercruiting and Tips & Tricks
42: Upload Documents on your employees
43: Upload Documents on your employees