Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
XYZ
XYZ XYZ
Company code Insurance
Finance Sales
Job
General Manager
Management Positions
Sr.Manager
Employee Group : General classification of employees.
Active ,
Retired,
Contractors and
External Employees.
Employee Sub group : Division of employee groups.
Hourly based,
Salaried,
Executives and
Trainees
1. General authorizations check
2. Structural authorization check
if we activate this switch ,can avoid access loss and will be delayed
significantly by tolerance time.( If it contains values >0).
1 = Check access to Org Unit maintained in IT 0001 for persons not linked to the
OM structure. if no values are maintained in IT 0001, deny authorization to the
person.
2 = Do not check access to Org Unit maintained in IT 0001 for persons not linked to
the OM structure. Deny access to all these persons.
3 = Check access to Org Unit maintained in IT 0001 for persons not linked to the
OM structure. if no values are maintained in IT 0001, give authorization to the person
.
4 = Do not check access to Org Unit maintained in IT 0001 for persons not linked to
the OM structure. Give access to all these persons.
Tip : As best practice use ORGPD with for plain structural authorization (p_orgin) and
DFCON in combination with context solution P_RNINCON ,P_ORNXXON etc.
Tcode :OOSP
Fields: Auth profile, Serial num, plan version, Object type,
Object id, maintenance, eveluation path, status vector,
depth,sign,period,function module.
Each filed in S.A in details :
Object ID
You can use this field to define the start object using evaluation paths
Tip :The advantage of the dynamic structural authorizations is their ability to use
attributes of the user for determination of access to content. A dynamical structural
profile can therefore be reused by many users with different need to content. The
most common know dynamic structural profile is the line manger which is a profile,
which can be reused for all with a manager position.
Basically, the structural authorization uses the evaluation
paths . Based on a root object, which is defined by its eight-
digit object ID, the evaluation path determines all objects
under the root object in the structure. The authorization is
issued for all of these objects.
Evaluation path : O-S-P: Internal Persons per Org unit.
Tcode :OOAW
If root object 80000815 is linked to the O-O-S evaluation
path, all objects illustrated showed in above example are
permitted. If you specify root object 80004711, an
authorization is only issued for the white objects.
.
Example 3 :Skipping Object types : If we want to give access to only positions
,but not the organizational (O) units. We can do it by selecting the SKIP check in
Evaluation path
Tcode : OOSB or PO13 or PO10 or PP01, PP03
Standard profiles : Info type 1016, PD profiles : Info type 1017.