Hello Experts,
I have a problem where ESS endusers are able to approve a Missed Punch Log (MPL) for a different employee forwarded to them by a MSS enduser. Only MSS users should be able to approve. I cannot figure out which auth object is giving the ESS enduser the authorization to approve a MPL.
My P_ASRCONT authorization values in the ZS:HR_ESS_ENDUSER_WORK_TIME role are:
| OBJECT | FIELD | LOW |
| P_ASRCONT | ASROBJSCOP | 1 |
| P_ASRCONT | ASRCONTYPE | P |
| P_ASRCONT | ASRCONTGRP | * |
| P_ASRCONT | ASRACTVT | S |
| P_ASRCONT | ASRCONTYPE | F |
I also have these authorization values in the role:
| OBJECT | FIELD | LOW |
| S_SRMGS_VV | SPS_ID | ASR* |
| S_SRMGS_VV | SRM_MODEL | * |
| S_SRMGS_VV | DOCUMENTID | * |
| S_SRMGS_VV | ACTVT | 1 |
| S_SRMGS_VV | ACTVT | 6 |
| S_SRMGS_PR | ACTVT | 3 |
| S_SRMGS_PR | DOCUMENTID | * |
| S_SRMGS_PR | PROPGROUP | * |
| S_SRMGS_PR | PROPNAME | * |
| S_SRMGS_PR | SPS_ID | ASR* |
| S_SRMGS_PR | ACTVT | 6 |
| S_SRMGS_PR | ACTVT | 2 |
| S_SRMGS_PR | ACTVT | 1 |
| S_SRMGS_PR | SRM_MODEL | * |
| S_SRMGS_DC | DOCUMENTID | * |
| S_SRMGS_DC | SPS_ID | ASR* |
| S_SRMGS_DC | ACTVT | 1 |
| S_SRMGS_DC | ACTVT | 30 |
| S_SRMGS_DC | SRM_MODEL | * |
| S_SRMGS_CT | SRM_MODEL | * |
| S_SRMGS_CT | ACTVT | 1 |
| S_SRMGS_CT | DOCUMENTID | * |
| S_SRMGS_CT | ACTVT | 3 |
| S_SRMGS_CT | SPS_ID | ASR* |
I welcome any advice/recommendations for any authorization changes that should be implemented to prevent a non-MSS user from approving a MPL.
Thanks for all your help,