Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Behavior of p_orgin when compared to p_orgincon

former_member275658
Contributor
0 Kudos

Hi Gurus,

Is it mandatory to use p_orgincon if we implement structural authorizations ? I read documentation of Norm & Carl and it didn't mentioned anything about p_orgincon while implementing structural authorizations and used p_orgin to elaborate PD profile.

I know, INCON is used as context sensitive object but how different it is when compared to ORGIN. Could you please advise me with an example ?

Thank you

Regards,

Salman

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Salman,

You can implement structural authorization with object P_ORGIN as well. Only Context sensitive structural authorization requires object P_ORGINCON as structural profiles are assigned via the role (auth field PROFL).

For example on how P_ORGIN differs from P_ORGINCON, please consider reading the info at following link and let me know if you still have any questions.

http://help.sap.com/saphelp_470/helpdata/en/b3/bfb83b5b831f3be10000000a114084/content.htm

Thanks

Sandipan

5 REPLIES 5

Former Member
0 Kudos

Below is an excerpt from HR940.

The Authorization Object HR: Master Data with Context(P_ORGINCON) is used during the

authorization check on HR infotypes. The checks take place when HR

infotypes are edited or read. The system queries the contents of the fields

during the authorization check.

The PROFL field (Authorization profile) is used to determine which structural

profiles the user is authorized to access.

In the standard system, the check of this object is not active. You can use the

INCON authorization main switch to control the use of P_ORGINCON.

Hint:

Note: Note that the structural profiles assigned to a user are

determined from table T77UA User Authorizations (= Assignment of

Profile to Users). Therefore, you should only use structural profiles

that are entered in this table in the PROFL field of the context

authorization objects.

Former Member
0 Kudos

Hi Salman,

You can implement structural authorization with object P_ORGIN as well. Only Context sensitive structural authorization requires object P_ORGINCON as structural profiles are assigned via the role (auth field PROFL).

For example on how P_ORGIN differs from P_ORGINCON, please consider reading the info at following link and let me know if you still have any questions.

http://help.sap.com/saphelp_470/helpdata/en/b3/bfb83b5b831f3be10000000a114084/content.htm

Thanks

Sandipan

0 Kudos

Thanks Sandipan.

I read the example and I have a question.

This means Manager1 will have Structural profile1 and Structural profile2 in OOSB. Based on the Org structure, the Manager1 will be able to read/write the infotypes 0000-0008,0015 for the employees under his org unit.

What I think, if we don't use p_orgin and use p_orgincon then we will be adding in profile field as structural profile 1 and profile 2 or just profile1 in P_ORGINCON.

0 Kudos

This is how you should maintain values in P_ORGINCON

0 Kudos

Use P_ORGIN when you want to assign the same roles for both the managers, but need to assign with different structural profiles (via OOSB) for both of them.

Use P_ORGINCON when you do not want to do any assignment using OOSB, as the role itself will now have the structural profile assigned. In my opinion this will be a overhead as more number of roles need to be created (again depends on the security model you have implemented)