Escolar Documentos
Profissional Documentos
Cultura Documentos
Structural Authorization
General Authorization
Personnel Admin
TC: OOSB
TC: PFCG
Evaluation Path
Dynamically
Manually
Refer to OSS Note 339367 refers to OSS Note 363083 Maintenance of the switch AUTH_SW P_ORGPD to import 4.7 functionality
Activation Options
Value 1: Org Unit Checked No Authorization. Value 2: Org Unit Not Checked No Authorization. Value 3: Org Unit Checked Authorization Value 4: Org Unit Not Checked Authorization
Evaluation Paths
Use SAP standard evaluation paths SAP standard function modules read delivered evaluation paths Create customer defined evaluation paths Customer defined function modules specify customer defined evaluation paths
Evaluation Paths
T778A
V_T77AW
Screen # 2 T77PR
When Function Module is being used, leave Object ID field Blank
RH_GET_MANAGER_ASSIGNMENT: Determines the root org unit object to which the user is assigned as Manager via the A012 chief relationship. (Supervisor)
Screen # 2 (Continued)
Auth Profile: Select profile for pop-up box No.: Enter Line/Sequence/Interval numbers 5, 10, 15 etc. Plan version: Enter active plan. Ex. 01 Object type: Enter object type end user will be authorized to change or display (O Org Unit, S Position, C Job, P- person, and any customer defined objects) Object ID: If assign root org unit is being used, enter org unit id value. If you are using function modules to dynamically determine the root org unit, leave this field blank Maintenance: If checked, maintain authorization is granted for object type, if uncheck, only display authorization granted. Evaluation Path: Enter evaluation path defined inT77UA
Screen # 2 (Continued)
Status vector: Planning status authorization
1 Active 2 Planned 3 Submitted 4 Approved 5 Rejected To grant access to Active and Planned status(s) enter 12
Depth: Enter the number of levels from the root org unit of the org structure. Sign: Process structural authorization top down (+) or bottom-up (-)
Screen # 2 (Continued)
Time period: Restrict access based on the validity period of the org structure.
D Current Day M Current Month Y Current Year P Past F Future
Function module:
Leave this field blank if root org unit is defined in field Object id Determine the root org unit using SAP standard or Customer defined function modules
Screen # 2 (Continued)
Add multiple rows in this table for all PD objects the structural authorizations are permitting to change and/or display
Screen # 2 T77PR
RH_GET_ORG_ASSIGNMENT
Determines the root organizational unit to which the user is organizationally assigned.
Screen # 2 T77PR
Restrict user access based on PD objects. Assign structural authorization defined in transaction code OOSP or T77PR by creating an IT1017 to a PD object. Example: Create IT1017 to org unit or position depending on your requirements This is linking the structural authorization to the organizational structure. IT1017 is required if you are going to dynamically populate T77UA by linking user id to structural authorization profile.
Congratulations !
You have completed the configuration of structural authorizations. Do not know of any method to trace structural authorizations Test, test user ids for both structural authorizations and PA/PD authorization assigned to roles in TC: SU01.
Reporting Considerations
Customer Defined Reports: Use HR Macros in your custom program to engage structural authorizations from the LDB. If LDB is not being accessed, need to code structural authorizations in program SAP Standard Reports: There may be some circumstances you do not want structural authorizations checked. Copy standard reports and remove authorization checks.
Lessons Learned
Keep in mind, users with new structural authorizations will not be effective until next day if RHPROFLO is ran nightly. Remember to assign Authorization Groups to customer defined z-tables in order to maintain in Production client. Assign all end users structural authorizations.
Questions ?