Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Exclusion Flag in PD Profiles (Structural Authorizations)

Former Member

‎10-28-2008 3:18 PM

0 Kudos

Hello, I have a question about the exclusion indicator in IT1017 (PD Profiles). We are upgrading from 4.6C to ECC 6.0. This indicator was not available in 4.6C. We are now concerned that users may inadvertently set this indicator and the recipientu2019s authorizations will get impacted.

The documentation only states that "This field allows you to exclude branch structures from structural authorizations."

We have found that if the flag is set (and RHPROFL0 runs), the impact to the user is that they can only see their own data. We have also found that, in order to remove the flag you must remove it from IT1017 and re-run RHPROFL0 with the "delete manually maintained authorization profiles" - PD Authorizations flag switched on.

Can anyone help explain, what the exclusion indicator is used for? And shed some light on itu2019s function?

Regards,

Gino

1 REPLY 1

Former Member

‎01-14-2009 6:55 PM

0 Kudos

The exclusion is used to exclude a specific piece of a structural profile you assign to a user. Example: your user has a structural profile to see all HR infotypes within his/her department. However you don't want this user to see the managers data. You can create a separate structural profile that contains the manager's personnel number.

You assign both structural profiles to the user. Either directly "on the user" using transaction OOSB (Table T77UA) where you see an identical exclusion indicator. The "manager" structural profile will have the exclusion indicator set. That way the user has access to department data exclusive the managers data.

If you assign it on the position by IT1017 you set the exlusion indicator there. You will see that if you run RHPROFL0 that T77UA will be updated with the 2 entries for the user and one will automatically have the exclusion indicator set.

The concern that users inadvertently change this indicator should be very small since there should not be very many users that have access to PO13 and/or OOSB in a production environment.

Ruud Scheenen