cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

can we use "structural authorization" to be defined in HR master data?

dhenny_muliawaty
Active Participant

on ‎07-31-2009 10:43 AM

0 Kudos

dear Gurus,

is it applicable if we want to have "structural authorization" to be defined in HR master data - custom infotypes?

it seemed that structural authorization can only be defined in Personnel Planning and Development, in addition to the basic access authorizations.

copy from spro:

"Structural Authorization"

This section describes the special authorizations that you can define in Personnel Planning and Development in addition to the basic access authorizations.

looking forward to hearing from you.

best regards, pei

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎07-31-2009 11:01 AM
0 Kudos

Hi Dhenny,

Structural Authorizations can be set for the administrator who is involved in different evaluations/accessing structures whether in OM/PD/TE etc. Ex ; Creating, Maintaining, delecting objects in structures. Since objects are plays great role in structural authorization, it is not applicable for HR master Data.

For customization see IMG under OM-> Structural authorization. There are many criterias to be considered while creating Structural Authorization profile which are not applicable for HR master data.

Regards,

Purnima

Show replies
Show replies
dhenny_muliawaty
Active Participant
‎08-04-2009 6:58 AM
0 Kudos

dear all,

thank u for ur explanation

do u know other solution to have authorization setting other than structural authorization for HR master data custom infotypes?

thanks n best regards,

dhenny muliawaty

Former Member
‎08-04-2009 7:19 AM
0 Kudos

Hi Dhenny,

Yes, you can set authorization to custom infotypes thorugh general authorization. Find below steps.

1. Create role via PFCG Tcode, and give custom infotype under authorization object P_ORGIN & P_ORGXX along with other information like authorization level, personal area, personal sub area, Employee group, ESG. Subtype, and administrators.

2. Then assign this role to user via Tcode SU01.

Revert for further clarification

Regards,

Purnima

dhenny_muliawaty
Active Participant
‎08-11-2009 3:54 AM
0 Kudos

Hi Purnima..

yes general authorization is the standart role authorization to be used for HR master data authorization setting..

for organizational unit which has specific personnel area (one organizational unit has one unique personnel area).

it will be ok to use general authorization..

we can define one role with different access to the personnel areas as needed..

the things is.. for one personnel area that is covering lots of organizational units.. we can not use general authorization to limit access to one organizational unit.

example: Head Office Personnel Area..

have this condition:

need to set up authorization based on organizational unit for custom infotypes in HR master data

where for Head Office area, we have only one personnel area covering many organizational units. and we need to set up a kind of structural authorization for each organizational unit for this custom HR master data.

do you have any other solution?

thanks for your kind attention

thanks and best regards,

dhenny muliawaty (pei pei)

Former Member
‎08-11-2009 6:02 AM
0 Kudos

Hi Dhenny,

Yes we can give access based on Org unit via General authorization. Find below steps for the same.

1. There is a field in IT0001 called Org key where you can give access based on any combination like personal area & org unit or position & org unit or Org unit & cost center.

Org Key:- The organizational key defines the enterprise and personnel structure. It can be used to assign other organizational units to employees. The organizational key is used for authorization checks.

2.To give access based on Org. key, we have to maintain following things before setting Org key in authorization.

a) Manitain T527 (Organization key control)-Definie variable key & rule

b)Maintain T527A (Rules for creating org. key)-Assign any combination like PSA & org unit with sequence number to defined rule in T527. Mention how many letters you want to display under length field. Maximum you can set 14 characters in org key.

c) Maintain feature VDSK1.-Assign variable key to your country grouping which has been defined in T527

3. Then craete another role via PFCG with authorization object P_ORGIN & P_ORGXX. Give your PSA & Org unit or position & org unit or Org unit & cost center in VDSK1 field.

4. Then assign role to user.

Please note that you need to create similar number of roles with Org unit. But Basis team will take care of creation part.

Regards,

Purnima

dhenny_muliawaty
Active Participant
‎08-11-2009 7:01 AM
0 Kudos

Hi Purnima,

thanks for your kind assistance and information..

currently in our R/3 Production feature VDSK1 has been used..

thank GOD, today i have found other solution.. i will still need to make sure that it can be used..

just found object authorization P_ORGINCON (HR Master Data with Context)

we can assign structural authorization profile for HR Master Data.

hope this can be implemented.

thanks a lot for your attention

best regards,

dhenny muliawaty (pei pei)

Former Member
‎07-31-2009 10:58 AM
0 Kudos

Hi,

Role Authorization can be set on all Master Data Infotypes i.e. HR/Planning/Payroll/Tcode etc. not structural Authization.

The structural authorisation is typically belongs to HR module. It has both benefits of positive and negative tests.

Steps to do Structural Authorisation:

Step1 : TC OOAC

Activate the Structural Authorisation switch

Step 2 : TC OOSP

Create Structural Authorisation profiles

Step 3 : Assign Structural Authorisation profile to user Id

TC : SE38 and assign report RHRPROFL0 enter object id for example ( Org unit )

Assign regular Role authorisation..

You will come to know the structural Authorization once you know its differences with Role Authorisation.

Role authorisation is only for ITs access. Same way Structural authorization is only for Structures access..

Ex. An administrator who is supposed to access all employees in own department, role authorization will not help because Org Unit is an Object correct, so you need to use structural authorization...

Ex. If the same administrator is supposed to access all employees based on Ent.Strucutre/Pers.Stru. criterias, role authorization alone sufficient.

Ex. If the same administrator is supposed to access all employees in his own department but not managerial level, then you need both authorizations i.e. role and structural...

An administrator can be assigned both authorizations to access ITs and Objects...

Regards,

Manoj.

Show replies
Show replies
Ask a Question