07-10-2012 7:50 PM
Hi Gurus,
Is it mandatory to use p_orgincon if we implement structural authorizations ? I read documentation of Norm & Carl and it didn't mentioned anything about p_orgincon while implementing structural authorizations and used p_orgin to elaborate PD profile.
I know, INCON is used as context sensitive object but how different it is when compared to ORGIN. Could you please advise me with an example ?
Thank you
Regards,
Salman
07-11-2012 8:34 AM
Hi Salman,
You can implement structural authorization with object P_ORGIN as well. Only Context sensitive structural authorization requires object P_ORGINCON as structural profiles are assigned via the role (auth field PROFL).
For example on how P_ORGIN differs from P_ORGINCON, please consider reading the info at following link and let me know if you still have any questions.
http://help.sap.com/saphelp_470/helpdata/en/b3/bfb83b5b831f3be10000000a114084/content.htm
Thanks
Sandipan
07-11-2012 8:21 AM
Below is an excerpt from HR940.
The Authorization Object HR: Master Data with Context(P_ORGINCON) is used during the
authorization check on HR infotypes. The checks take place when HR
infotypes are edited or read. The system queries the contents of the fields
during the authorization check.
The PROFL field (Authorization profile) is used to determine which structural
profiles the user is authorized to access.
In the standard system, the check of this object is not active. You can use the
INCON authorization main switch to control the use of P_ORGINCON.
Hint:
Note: Note that the structural profiles assigned to a user are
determined from table T77UA User Authorizations (= Assignment of
Profile to Users). Therefore, you should only use structural profiles
that are entered in this table in the PROFL field of the context
authorization objects.
07-11-2012 8:34 AM
Hi Salman,
You can implement structural authorization with object P_ORGIN as well. Only Context sensitive structural authorization requires object P_ORGINCON as structural profiles are assigned via the role (auth field PROFL).
For example on how P_ORGIN differs from P_ORGINCON, please consider reading the info at following link and let me know if you still have any questions.
http://help.sap.com/saphelp_470/helpdata/en/b3/bfb83b5b831f3be10000000a114084/content.htm
Thanks
Sandipan
07-11-2012 4:23 PM
Thanks Sandipan.
I read the example and I have a question.
This means Manager1 will have Structural profile1 and Structural profile2 in OOSB. Based on the Org structure, the Manager1 will be able to read/write the infotypes 0000-0008,0015 for the employees under his org unit.
What I think, if we don't use p_orgin and use p_orgincon then we will be adding in profile field as structural profile 1 and profile 2 or just profile1 in P_ORGINCON.
07-16-2012 1:39 PM
07-17-2012 9:37 AM
Use P_ORGIN when you want to assign the same roles for both the managers, but need to assign with different structural profiles (via OOSB) for both of them.
Use P_ORGINCON when you do not want to do any assignment using OOSB, as the role itself will now have the structural profile assigned. In my opinion this will be a overhead as more number of roles need to be created (again depends on the security model you have implemented)