07-15-2010 3:50 PM
Hi All,
We are about to start the security role build in our development system. As per my knowledge, there are some authorization switches to be activated before we start the role build through t-code OOAC.
I would like to know, if changing the value of these switches will have any kind of impact on the overall system configuration and also any points to be taken care of while activating the switches.
Any help/advice will be much appreciated.
Thanks,
Vinaya
07-15-2010 4:36 PM
Hi Vinaya,
Please refer the below link:
http://help.sap.com/saphelp_470/helpdata/en/7f/1a7d3c8015d10ee10000000a11405a/content.htm
07-15-2010 5:25 PM
By putting on the switches you are enabling the structural authorization for HR, it will have no impact with respect to your role design.
But make sure to apply structural profile as appropriate, you can have structural profile and also standard role assigned to the user.
With HR Switches on structural profile works
With HR Swithces not on , even though you might create "structural profile" for users system will ignore
07-15-2010 8:04 PM
>
> By putting on the switches you are enabling the structural authorization for HR, it will have no impact with respect to your role design.
>
If what you are suggesting is correct, what is the reason for and use of the field PROFL in many of the P_ auth objects?
07-15-2010 8:17 PM
Hi Alex,
I am responding regarding this switches:
AUTSW ADAYS 15 HR: Tolerance Time for Authorization Check
AUTSW APPRO 0 HR: Test Procedures
AUTSW DFCON 1 HR: Default Position (Context)
AUTSW INCON 0 HR: Master Data (Context)
AUTSW NNCON 0 HR:Customer-Specific Authorization Check (Context)
AUTSW NNNNN 0 HR: Customer-Specific Authorization Check
AUTSW ORGIN 1 HR: Master Data
AUTSW ORGPD 0 HR: Structural Authorization Check
AUTSW ORGXX 0 HR: Master Data - Extended Check
AUTSW PERNR 1 HR: Master Data - Personnel Number Check
AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)
AUTSW ORGPD 0 HR: Structural Authorization Check
Assumption based on the question : PERNR, ORGIN & other values were already set.
I dont know if this is what you were asking for.
07-15-2010 9:20 PM
What I am asking is why you think changing the switches will not have an effect on the role design. I switching on structural auths will introduce a new set of requirements and almost invariably, the role design needs to be changed to cater for this.
07-15-2010 9:28 PM
Alex,
Oki got it, it does impact the role design.
I was trying to state that a combination of HR standard role + structural authorization will work.
yes security controls have to be reworked on, I agree with you on this.
07-15-2010 9:31 PM
07-15-2010 8:53 PM
Vinaya,
Authorization switches should be ON if you are implementating Structural authorization and we have different switches for context security also.
if you want to implement general auth & structural together you will use context security.
Auth Switches are prequistes before starting structural auth & context security. without these , user will not get the results.
Impact is not thru Switches, but If you become too zealous and use too many or too complicated structural authorizations, the system response time can be dramatically affected. Certain % of users recognize the effect.
Thanks,
Sri
Edited by: sri on Jul 15, 2010 3:58 PM
07-16-2010 8:28 AM
Thankyou for your responses.
The reason i asked this question was, I was told by someone that there is a order in which these switches have to be activated in the system and certain other points to be taken care of for these to work as expected.
I wanted to know from somebody who has activated the switches before if there are any preparatory steps for the activation of these switches.
Thanks,
Vinaya
07-16-2010 10:26 AM
Vinaya,
There is no preparatory steps, based on requirement you will be activating the switches.For eg: implementing the stru auth you need to activate ORGPD to 1 perform rest of the steps
If you want to include additional check on HR master data ORGXX to 1.
If want to create custom specific auth object before creating object active object NNNNN to 1
Eg: In night,the moment you enter the house you switch the light...
Thanks,
Sri
07-16-2010 11:00 AM
>
> Eg: In night,the moment you enter the house you switch the light...
Don't forget to put the lightbulb in......