REKH0004 - SAP 그래픽 데모 프로그램
RGUGBR00 - Substitution/Validation utility
RHGRENZ0 - 오브젝트 한계 결정
RHGRENZ1 - 신규 종료일 설정
RHGRENZ2 - 정보 유형 한계 결정
RKCTSEAR - 프로그램 내 문자열 탐색
RPR_ABAP_SOURCE_SCAN - ABAP 레포트 소스 탐색
RPUAUD00 - HR 인포타입 데이타의 로그 변경
RPUAUDDL - HR 인포타입 데이타에서 로그된 변경사항 삭제
RPUDELPN - 사원번호 완전히 삭제
RPUP1D00 - 파일 PCL1에서 개별레코드 조회 및 삭제
RPUP2D00 - 데이타베이스 PCL2에서 단일레코드 조회 및 삭제
RPUP3D00 - 파일 PCL3에서 단일레코드 조회 및 삭제
RPUP4D00 - 파일 PCL4에서 단일레코드 조회 및 삭제
RSBDCBTC - Batch 입력에 대한 유틸리티 레포트
RSBDCDRU - Batch 입력:세션 내용 인쇄
RSBDCOS0 - OS 명령어 실행( SYSLOG 및 추적파일에 로그 )
RSBDCSUB - Batch Input : Process All Sessions
RSBTCDEL - Batch 작업 삭제
RSINCL00 - ABAP 프로그램 참조 리스트
RSORAREL - Oracle 버젼 점검
RSPARAM - Profile 파라미터 값 조회
RSPO0041 - Old Spool Request 삭제
RSRSCAN1 - 프로그램 소스코드에서 문자열 찾기
RSSNAPDL - 짧은 덤프의 테이블 SNAP에 대한 재구성프로그램
RSTXFCON - SAPscript: 서식에 대한 페이지 포맷 변환
RSTXSCRP - SAPscript를 데이타세트로 export / SAPscript를 데이타세트에서 import
RSTXTRAN - Correction에 SAPscript 텍스트전송
RSUSR001 - 정보 시스템 권한
RSUSR002 - 사용자 점검
RSUSR003 - 전체 클라이언트의 사용자 SAP* 및 DDIC의 비밀번호 점검
RSUSR009 - 중요 권한이 있는 사용자 리스트
RSUSR006 - 잘못된 로그온에 의해 잠겨진 사용자마스터레코드의 리스트
RSWBO052 - 오브젝트디렉토리엔트리 변경
RSWBO060 - 전송 요청에서 오브젝트 포함
2010년 2월 26일 금요일
2010년 2월 21일 일요일
Additional Functions for Authorization Checks
Additional Functions for Authorization Checks
In this section you can find information on the most important reports that play a role for mySAP HR in the context of authorizations.
See also:
Report RHPROFL0
Report RHBAUS00 (Regeneration INDX for Structural Authorization)
Report RHBAUS01 (Output of Views on Objects in the Structural Authorization)
Report RHBAUS02 (Check and Compare T77UU (User Data in SAP Memory))
Report RPUACG00 (Code Generation: HR Infotype Authorization Check)
Report RHUSERRELATIONS (Display User Assignments)
In this section you can find information on the most important reports that play a role for mySAP HR in the context of authorizations.
See also:
Report RHPROFL0
Report RHBAUS00 (Regeneration INDX for Structural Authorization)
Report RHBAUS01 (Output of Views on Objects in the Structural Authorization)
Report RHBAUS02 (Check and Compare T77UU (User Data in SAP Memory))
Report RPUACG00 (Code Generation: HR Infotype Authorization Check)
Report RHUSERRELATIONS (Display User Assignments)
Troubleshooting Authorization Problems
Troubleshooting Authorization Problems
Use
The procedures described in this section are designed to help you analyze problems that arise in connection with authorizations.
Determining minimum authorization
You can use the following two procedures to determine which authorizations a user requires to carry out a transaction:
Set up authorizations for the relevant transaction and for the SU53 transaction for the user. Then call up the transaction and wait until the authorization check denies you access. Finally, use the SU53 transaction to see what type of authorization check was carried out. Add the missing authorization and repeat the process. This procedure is simple but can be fairly lengthy.
Start an authorization trace using the ST01 transaction and carry out the transaction with a user who has full authorizations. On the basis of the trace, you can see which authorizations were checked.
This procedure generally works well. However, sometimes the result is very surprising because certain programs can and do ignore some authorization checks by using preliminary checks and buffered results. In such cases, these methods are not very effective. You can recognize these cases because certain fields of the corresponding programs are specified with * or DUMMY at some point of the authorization check.
Analyzing authorization problems in an unknown program
The most frequently used method to analyze authorization problems in an unknown program involves you setting the Debugger breakpoints to the AUTHORITY-CHECK and MESSAGE commands. Then execute the program and analyze its behavior.
Determining all the authorizations a user has for an authorization object
When troubleshooting, it is often helpful to find out all the authorizations a specified user has for a specific authorization object. A simple method of reading these authorizations as raw data from the user master record is to execute the GET_AUTH_VALUES function module in the SUSR function group. Use the SE37 transaction or SE80 in test mode to do so. The result table is not formatted for output, but is very compact and easy to understand for authorization experts.
Analyzing an authorization problem that occurs for only one user
It is often the case that a certain authorization problem occurs for only one specific user. This kind of authorization problem generally affects users with no Debugging authorization. If you want to assign a user Debugging authorization without changing the HR authorizations, you can add the S_A.DEVELOP authorization profile (if available) to the user’s authorization profiles. In production systems, note that changes such as these to authorizations enable users (with relevant knowledge of the development environment) to access any system data easily (especially in other clients).
Analyzing an authorization problem that occurs for only one personnel number
Authorization problems that occur for a single personnel number are caused almost always by incorrect settings in the environment of the P_PERNR authorization object.
Authorization problems that are user-independent and occur for a single personnel number are caused almost always by a specialized organizational assignment (or even an incorrect organizational assignment). In this case, you should check the data of the Actions (0000) and Organizational Assignment (0001) infotypes and the relationships with the organizational structure (actively integrated systems) thoroughly.
Analyzing authorization problems in connection with locking and unlocking infotype records
Authorization problems that occur in connection with locking and unlocking infotype records are often caused by the CHECK_AUTH_SET_ENQ (SAPFP50M) form.
Localizing the cause of authorization problems after the import of HR Support Packages
The majority of code for the HR Master Data authorization check is localized in the CL_HRPAD00AUTH_CHECK_STD and CL_HRPAD00AUTH_CHECK_FAST classes, the SAPFP50P report, and the HRAC function group. You can also find smaller parts of code in the SAPDBPAP, SAPDBPNP, and SAPFP50M reports. If authorization problems are caused by HR Support Packages, a good place to start looking for changes to the code is in the above-mentioned classes and reports.
Useful questions for solving authorization problems
Over 90% of SAP’s incoming messages about authorization problems are consulting problems. What is more, in many cases customers are convinced that an error is causing their problems when in fact the problem is due to a misunderstanding of the functions of the corresponding protection mechanism. When analyzing authorization problems, it is therefore important that you can answer the following questions:
What data (which infotype/subtype) did the user access and how (using which transaction or which function of a transaction)?
How did the system react (did it incorrectly allow or deny access)?
How should the system have reacted (should it have allowed or denied the user access)?
Which authorization main switches are set up in the system?
How are the authorizations for the activated authorization checks set up?
Are the data records of the Organizational Assignment infotype (0001) as they should be for the personnel number in question?
Use
The procedures described in this section are designed to help you analyze problems that arise in connection with authorizations.
Determining minimum authorization
You can use the following two procedures to determine which authorizations a user requires to carry out a transaction:
Set up authorizations for the relevant transaction and for the SU53 transaction for the user. Then call up the transaction and wait until the authorization check denies you access. Finally, use the SU53 transaction to see what type of authorization check was carried out. Add the missing authorization and repeat the process. This procedure is simple but can be fairly lengthy.
Start an authorization trace using the ST01 transaction and carry out the transaction with a user who has full authorizations. On the basis of the trace, you can see which authorizations were checked.
This procedure generally works well. However, sometimes the result is very surprising because certain programs can and do ignore some authorization checks by using preliminary checks and buffered results. In such cases, these methods are not very effective. You can recognize these cases because certain fields of the corresponding programs are specified with * or DUMMY at some point of the authorization check.
Analyzing authorization problems in an unknown program
The most frequently used method to analyze authorization problems in an unknown program involves you setting the Debugger breakpoints to the AUTHORITY-CHECK and MESSAGE commands. Then execute the program and analyze its behavior.
Determining all the authorizations a user has for an authorization object
When troubleshooting, it is often helpful to find out all the authorizations a specified user has for a specific authorization object. A simple method of reading these authorizations as raw data from the user master record is to execute the GET_AUTH_VALUES function module in the SUSR function group. Use the SE37 transaction or SE80 in test mode to do so. The result table is not formatted for output, but is very compact and easy to understand for authorization experts.
Analyzing an authorization problem that occurs for only one user
It is often the case that a certain authorization problem occurs for only one specific user. This kind of authorization problem generally affects users with no Debugging authorization. If you want to assign a user Debugging authorization without changing the HR authorizations, you can add the S_A.DEVELOP authorization profile (if available) to the user’s authorization profiles. In production systems, note that changes such as these to authorizations enable users (with relevant knowledge of the development environment) to access any system data easily (especially in other clients).
Analyzing an authorization problem that occurs for only one personnel number
Authorization problems that occur for a single personnel number are caused almost always by incorrect settings in the environment of the P_PERNR authorization object.
Authorization problems that are user-independent and occur for a single personnel number are caused almost always by a specialized organizational assignment (or even an incorrect organizational assignment). In this case, you should check the data of the Actions (0000) and Organizational Assignment (0001) infotypes and the relationships with the organizational structure (actively integrated systems) thoroughly.
Analyzing authorization problems in connection with locking and unlocking infotype records
Authorization problems that occur in connection with locking and unlocking infotype records are often caused by the CHECK_AUTH_SET_ENQ (SAPFP50M) form.
Localizing the cause of authorization problems after the import of HR Support Packages
The majority of code for the HR Master Data authorization check is localized in the CL_HRPAD00AUTH_CHECK_STD and CL_HRPAD00AUTH_CHECK_FAST classes, the SAPFP50P report, and the HRAC function group. You can also find smaller parts of code in the SAPDBPAP, SAPDBPNP, and SAPFP50M reports. If authorization problems are caused by HR Support Packages, a good place to start looking for changes to the code is in the above-mentioned classes and reports.
Useful questions for solving authorization problems
Over 90% of SAP’s incoming messages about authorization problems are consulting problems. What is more, in many cases customers are convinced that an error is causing their problems when in fact the problem is due to a misunderstanding of the functions of the corresponding protection mechanism. When analyzing authorization problems, it is therefore important that you can answer the following questions:
What data (which infotype/subtype) did the user access and how (using which transaction or which function of a transaction)?
How did the system react (did it incorrectly allow or deny access)?
How should the system have reacted (should it have allowed or denied the user access)?
Which authorization main switches are set up in the system?
How are the authorizations for the activated authorization checks set up?
Are the data records of the Organizational Assignment infotype (0001) as they should be for the personnel number in question?
2010년 2월 19일 금요일
HR expert - article - Align SAP Time Management with Your Company’s Time Quota Requirements
Many organizations allow employees to exceed their annual leave entitlement quotas to a certain limit, but how do you regulate such quota modifications in SAP ERP? I’ll show you how to configure time quotas that surpass leave entitlement policies and ensure that additional leave time from one year is deducted properly for the subsequent year. Conversely, if your organization doesn’t subtract surplus leave entitlement quotas from one year to the next, I’ll describe how to avoid penalizing employees in SAP ERP for the following year.
Typically, the HR department processes time quotas as part of its year-end activities or at the beginning of each year through time evaluation reports RPTIME00 (for positive time) or RPTQTA00 (for negative time). However, you can use RPTIME00 for both positive and negative time. Some organizations use RPTQTA00 if they perform their time evaluation using the payroll driver instead of RPTIME00. In both situations, your time quotas must be accurate to avoid erroneous time data. I’ll discuss the configuration steps necessary to address the following two business scenarios:
1. A company allows employees to exceed leave entitlement to a certain limit and doesn’t carry over the time quota to the following year
2. A company allows employees to exceed leave entitlement to a certain limit and deducts the additional time used from the following year’s leave entitlement quota
The configuration steps I describe in this article are pertinent to R/3 Release 4.0B and onwards and all SAP ERP releases. Apply these time quota adjustments as needed or on an annual basis, per your company’s requirements
Typically, the HR department processes time quotas as part of its year-end activities or at the beginning of each year through time evaluation reports RPTIME00 (for positive time) or RPTQTA00 (for negative time). However, you can use RPTIME00 for both positive and negative time. Some organizations use RPTQTA00 if they perform their time evaluation using the payroll driver instead of RPTIME00. In both situations, your time quotas must be accurate to avoid erroneous time data. I’ll discuss the configuration steps necessary to address the following two business scenarios:
1. A company allows employees to exceed leave entitlement to a certain limit and doesn’t carry over the time quota to the following year
2. A company allows employees to exceed leave entitlement to a certain limit and deducts the additional time used from the following year’s leave entitlement quota
The configuration steps I describe in this article are pertinent to R/3 Release 4.0B and onwards and all SAP ERP releases. Apply these time quota adjustments as needed or on an annual basis, per your company’s requirements
2010년 2월 16일 화요일
2010년 2월 10일 수요일
/561 처리 방법
1. /561을 당월 반제처리시
PCR "ACTIO X04A *Import claim from previous period"를 수정
[수정전]
000010 AMT=L /565ADDWTI/566ADDWTI/560ADDWTI/562*
000020 1 AMT=L /561ADDWTI/563SUBWTI/560SUBWTI/562
[수정후]
000010 AMT=L /565ADDWTI/566ADDWTI/560ADDWTI/562
2. 청구를 사원미지급계정으로 처리시 소급경우 반제한 청구금액을 미지급급여로 산입처리
BAdI 에서 계정수정
[sample code]
METHOD if_ex_smod_pcpo0001~exit_rpcipe00_001.
*소급시 청구'/561은 미지급비용을 처리해서 넘김
* 청구발생 월이 이미 반제처리하여, 소급되었다 하더라도 다음 급여 전표에 여향을 주어서는 안됨.
IF item-komok = '5140' AND result-srtza = 'P'.
komok_mod = '5130'.
ENDIF.
ENDMETHOD.
PCR "ACTIO X04A *Import claim from previous period"를 수정
[수정전]
000010 AMT=L /565ADDWTI/566ADDWTI/560ADDWTI/562*
000020 1 AMT=L /561ADDWTI/563SUBWTI/560SUBWTI/562
[수정후]
000010 AMT=L /565ADDWTI/566ADDWTI/560ADDWTI/562
2. 청구를 사원미지급계정으로 처리시 소급경우 반제한 청구금액을 미지급급여로 산입처리
BAdI 에서 계정수정
[sample code]
METHOD if_ex_smod_pcpo0001~exit_rpcipe00_001.
*소급시 청구'/561은 미지급비용을 처리해서 넘김
* 청구발생 월이 이미 반제처리하여, 소급되었다 하더라도 다음 급여 전표에 여향을 주어서는 안됨.
IF item-komok = '5140' AND result-srtza = 'P'.
komok_mod = '5130'.
ENDIF.
ENDMETHOD.
2010년 2월 9일 화요일
for posting to customer accounts
"Define Symbolic Accounts"
1.D for employee customer accounts
"Assign Customer Accounts"
1. Enter the required chart of accounts.
2. Choose Rules to make settings for the posting procedure Personnel posting to customers (HRD).
a) Flag the Debit/Credit indicator, only if you want to book debit and credit to different accounts. Since, within Posting to Accounting only summarized documents are posted, it is not recommended that you flag this indicator.
b) If you flag the indicator Employee group, an additional column, Employee group appears in account assignment. It only has to be flagged if you want to post to a symbolic account for a specific employee grouping. For this reason, you must have flagged the MG indicator for the relevant symbolic accounts in the step Define Symbolic Accounts
3. Choose Posting key. Enter the posting key for postings to customers or copy the default values (01 for debit postings and 11 for credit postings).
4. Choose Accounts. Make the corresponding entries in the table T030.
a) If you want to assign a fixed account to a symbolic account, and, if required, an employee grouping, enter the number of the customer account in the Acco column.
b) If you want to assign an employee account to a symbolic account, and, if required, an employee grouping, enter the relevant key (see table, below) in the Acco column.
Personnel no. in field (customer master d.) Entry in acct field (T030)
Personnel number *0002
Search term *0001
Telephone 2 *0003
Data line *0004
Teletex number *0005
2010년 2월 8일 월요일
SAP Reports
REKH0004 - SAP demo program that shows how to do 2D, 3D, and 4D graphics.
RGUGBR00 - Substitution/Validation utility
RHGENZ0/HRGRENZ2 - Notes RHGRENZ0/2 will abend if there are any inconsistencies between PD and PA (i.e. people in a different controlling area than the position they belong to).
RHGRENZ0 - Delimit IT1000 and related 1001s. Program will delete any 1001 infotypes whose start date is after the delimit date.
RHGRENZ1 - Extend the end date on delimited records. Very useful when you delimit a bunch of records incorrectly, and need to change the end date.
RHGRENZ2 - Delimit IT1001 only.
RKCTSEAR - Search source code for up to two strings. Also see RSRSCAN1 and RPR_ABAP_SOURCE_SCAN.
RPDTRA00 - List all HR transactions.
RPR_ABAP_SOURCE_SCAN - Search ABAP code for a string. Has many more options for selecting the ABAPs to search than RSRSCAN1 or RKCTSEAR.
RPUAUD00 - HR Report to list all logged changes for an employee. Uses the PCL4 Audit Cluster.
RPUAUDDL - HR Report to delete audit data from the PCL4 Audit Cluster.
RPUDELPN - Delete all info for an employee number, including cluster data and infotypes
RPUP1D00/10 - View/Delete data from PCL1 Cluster
RPUP2D00/10 - View/Delete data from PCL2 Cluster
RPUP3D00/10 - View/Delete data from PCL3 Cluster
RPUP4D00/10 - View/Delete data from PCL4 Cluster
RSABAPIV - Mass print/display of ABAP/4 help text
RSAVGL00 - Table adjustment across clients
RSBDCBTC - Submit a BDC job with an internal batch number and wait for the end of the batch input session.
RSBDCDRU - Prints the contents of a Batch Input session. No options for error transactions only.
RSBDCOS0 - Execute UNIX commands. Looks similar to the old SAPMSOS0 program that disappeared in 3.0
SBDCSUB - Release batch input sessions automatically
RSBTCDEL - Clean the old background job records
RSCLTCOP - Copy tables across clients
RSDBCREO - Clean batch input session log
RSINCL00 - Extended program list
RSORAREL - Get the Oracle Release
RSPARAM - Display all instance parameters
RSPO0041 - Removing old spooling objects
RSRSCAN1 - Search source code for a given string. Will also search includes. Also see RKCTSEAR and RPR_ABAP_SOURCE_SCAN.
RSSNAPDL - Clean the old ABAP error dumps
RSTBSERV - Compare a contents of a table between clients
RSTXFCON - Converts SAPScript page formats
RSTXSCRP - Save a SAPScript layout set to disk, and load it back into SAP.
RSTXSCRP - Transport SAPscript files across systems
RSTXSCRP - Upload and download SAPScript layout sets
RSTXTPDF4 - Pass the spool number of a report's output to this program to have the output converted to PDF format.
RSTXTRAN - Add standard texts to a transport so they can be moved between systems.
RSUSR003 - Check the passwords of users SAP* and DDIC in all clients
RSUSR006 - List users last login
RSWBO052 - Change development class of a sapscript (provided by Alan Cecchini)
RSWBO060 - put objects into a request and transport it to any other system
피드 구독하기:
글 (Atom)