Some info on authorisation levels from a colleague

The authorization level field specifies the access mode. The following
authorization levels exist:
. R (.read.) for read access
. M (.matchcode.) for read access using input help (F4)
. W (.write.) for write access
. E and D (.enqueue. and .dequeue.) for write access using the
asymmetrical double verification principle. E allows the user to create
and change locked data records and D allows the user to change lock
indicators.
. S(.symmetrical.) for write access using the Symmetric Double
Verification Principle
. * always includes all other authorization levels simultaneously

Table T777F

Been running into a lot of errors that complain about not having things in table T777F. the question on everyone's lips is, "What the frak is table T777F"

Only thing I could find that seemed to give any real information at all is an item on CaptainSAP. The downside is it's in French and no-one here speaks French. It's not that we're ignorant xenophobes, out of the 60 odd people in the room we probably have over 150 languages spoken to a decent degree of fluency, just none of them are French.

The definition the page gives for the table is:"Opérations d'infotypes autorisées selon statut de planification (ISTAT)"

I thinkl that translates very roughly to "Authorisations of/for Infotype operations in/for planning stages." which, allowing for grammar corrections, is what freetranslation.com thinks it means as well.

Worklist going astray

Just been told (thanks Noel)about a really useful transaction. We're testing Employee Self Service (ESS) and Manager Self Service (MSS) right now. A lot of the stuff relies on workflows and items going to people's worklists to be actioned.

A recurring problem I've been seeing is that an employee will complete, say, a car use authorisation request form (so they can claim mileage) and from their side it seems to work fine. The thing is, the form doesn't show up in their manager's worklist for authorisation. No error messages, no warnings.

The transaction I've been told of is SWI1. This basically lets you see all the worklist items, including ones that failed. I've discovered what's going wrong (as in what the errors are, not necessarily what the cause is but it's a step towards finding the cause) on several defects. It's not a particularly user friendly transaction but compared with dissecting core dumps and some Oracle trace files it's not too bad.

Useful page for SAP eLearning (LSO) transactions

One of the things I've had to do recently is translate transaction codes into the actual name of the transaction. Not much of a problem for the commonly used transaction (e.g. PA20, PA40, PPOME &c) but finding information on the web about LSO transactions, the learning/eLearning/training suite, has been very difficult. Finally I found this page which has all the ones I'm looking for. I found it Googling for LSO_RHABLAUF_OLD, what surprised me is that it didn't come up for the other transaction codes I'd been searching for earlier.

SAP HCM Standard roles

I've been trying to track down a list of SAP HCM standard Security and Authorisations roles. No luck so far.

I'm looking at test scenarios but the high level role specs I've been given so far (the roles are still being defined) just say things like "Z* version of SAP standard role for ...". Ideally I'm looking for role name, brief description and overview of what the role can do in SAP (i.e. transactions, infotypes and objects).

I've Googled but to no avail, just lots of job postings and people saying that if I go on their training course for X thousand Euro I'll know what the standard SAP HCM roles are. I did find a link that looked useful, it's to a sample chapter of "Authorizations in SAP ERP HCM", but unfortunately the sample chapter is not the chapter I need.

Gotta just keep on looking!

OK, worked out how to turn on IT0105 STy0001

Pretty simple really. Just go into PA30 and create the infotype then put the username in the Id/Number field and click save.

IT0105 STy 0001

IT0105 is Communications, email addresses and the like.

Not been able to find out how to set it up yet but, you can use sub-type 1 to restrict what a user can do to their own record. This basically creates a link between a personnel record and an SAP username. Once setup that user may be able to lots of different things, change various infotypes, to other people's records but not their own.

The main thing is anything contract or pay related (IT0008, IT0001, IT0003 &c) cannot be changed by the person it relates to.