Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

restriction with workflow

Former Member

‎06-09-2009 10:09 AM

0 Kudos

hello Experts,

Hello experts,

Normally, the difference between a Parent role and its derived roles is in terms of organization levels.

I heard that there is a method workflow to do restriction without use derived roles:

- it uses only the simple parent roles with authorization objects and without organization levels

- it affects this roles to users then it affects the users to organizational units which are the old concept (organization levels).

- So the actions mentioned by the authorization objects of a role assigned to a user X, takes place only on organizational units authorized for user X.

there is someone witch has some informations about that? how to do that? what are the transactions witch can do that? It is possible to do that with the transaction PPOMW?

Please help me.

Best regards.

Edited by: Habilitaion on Jun 9, 2009 11:10 AM

2 REPLIES 2

Former Member

‎06-09-2009 2:07 PM

0 Kudos

Hi,

In release 4.0 SAP implemented an authorization concept that differentiated between functions and organizational area. But since 4.6 this concept was switched to derivation of roles.

HR comes with structural authorizations that can be used in addition to the standard authorizations. This kind of authorization secures HR data only. It cannot be used for financial or logistics data. The access is calculated at runtime via the organizational structure defined in HR. It is possible to restrict the access to personnel data of your own organizational unit.

Here is the help regarding structural authorizations:

http://help.sap.com/erp2005_ehp_04/helpdata/EN/c2/936f3ee3c33f7ce10000000a114084/frameset.htm

Hopefully I understood your question. Otherwise ignore my post

Regards

Rainer

Former Member

‎06-09-2009 7:46 PM

0 Kudos

There is such a thing as "workflow", where scenarios can be used to process data from end user applications and the authority checks are performed within the workflow engines.

You can use this for different scenarios of various types - but you cannot feasibly run a whole system on it and avoid maintaining all org levels that way.. In comparison, learning English will be much much easier...

Basically, you send workitems into the engine and based on processing rules it has it will do that which you have instructed it to do, including wait for further approvals etc.

Cheers,

Julius