Structural authorization issue
In a R/3 4.7, an organizational structure is created with PPOM transaction.
The most of personnel numbers are linked to organizational structure but some others are not linked.
The not linked personnel have on infotype 0001 field organizational unit = 00000000 and position = 99999999.
The main OOAC switches are:
This means (ORGIN=0) that we are using only context structural authorization.
We want implement this scenario:
user A must be able to display a specific set of infotype for personnel numbers but with 2 different situations:
1) for all personnel numbers (linked or not linked) must be able to see the set of infotypes except 0008 (Basic Pay).
2) infotype 0008 can be displayed only for personnel numbers linked to positions under a specific organizational unit (entry point).
To implement this we have created, with OOSP, 2 different Structural authorization:
PROF_A which have object type O and object ID the root of organizational structure (ev path = O-S-P)
PROF_B which have object type O and object ID the entry point of the specific organizational unit (ev path = O-S-P). For users above it, infotype 0008 should be displayed.
Then we have created, with PFCG, 2 P_ORGINCON authorizations:
The first has authc=R,M and PROFL=PROF_A and the set of infotypes except 0008.
The second has authc=R,M and PROFL=PROF_B and the set of infotypes with 0008 too.
Everything is working fine except for not linked personnel numbers. In fact DFCON=4 give the authorizations to see not linked personnel numbers BUT for them can be displayed also infotype 0008. This because 0008 is in the second P_ORGINCON authorization (with PROFL=PROF_B).
It is not clear the logic.
How we can manage infotypes for not linked personnel numbers ?