Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization Switches in SAP HR

Former Member

‎07-15-2010 3:50 PM

0 Kudos

Hi All,

We are about to start the security role build in our development system. As per my knowledge, there are some authorization switches to be activated before we start the role build through t-code OOAC.

I would like to know, if changing the value of these switches will have any kind of impact on the overall system configuration and also any points to be taken care of while activating the switches.

Any help/advice will be much appreciated.

Thanks,

Vinaya

11 REPLIES 11

Former Member

‎07-15-2010 4:36 PM

0 Kudos

Hi Vinaya,

Please refer the below link:

http://help.sap.com/saphelp_470/helpdata/en/7f/1a7d3c8015d10ee10000000a11405a/content.htm

Former Member

‎07-15-2010 5:25 PM

0 Kudos

By putting on the switches you are enabling the structural authorization for HR, it will have no impact with respect to your role design.

But make sure to apply structural profile as appropriate, you can have structural profile and also standard role assigned to the user.

With HR Switches on structural profile works

With HR Swithces not on , even though you might create "structural profile" for users system will ignore

Former Member
In response to Former Member

‎07-15-2010 8:04 PM

0 Kudos

> 

> By putting on the switches you are enabling the structural authorization for HR, it will have no impact with respect to your role design.
>

If what you are suggesting is correct, what is the reason for and use of the field PROFL in many of the P_ auth objects?

Former Member
In response to Former Member

‎07-15-2010 8:17 PM

0 Kudos

Hi Alex,

I am responding regarding this switches:

AUTSW ADAYS 15 HR: Tolerance Time for Authorization Check

AUTSW APPRO 0 HR: Test Procedures

AUTSW DFCON 1 HR: Default Position (Context)

AUTSW INCON 0 HR: Master Data (Context)

AUTSW NNCON 0 HR:Customer-Specific Authorization Check (Context)

AUTSW NNNNN 0 HR: Customer-Specific Authorization Check

AUTSW ORGIN 1 HR: Master Data

AUTSW ORGPD 0 HR: Structural Authorization Check

AUTSW ORGXX 0 HR: Master Data - Extended Check

AUTSW PERNR 1 HR: Master Data - Personnel Number Check

AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)

AUTSW ORGPD 0 HR: Structural Authorization Check

Assumption based on the question : PERNR, ORGIN & other values were already set.

I dont know if this is what you were asking for.

Former Member
In response to Former Member

‎07-15-2010 9:20 PM

0 Kudos

What I am asking is why you think changing the switches will not have an effect on the role design. I switching on structural auths will introduce a new set of requirements and almost invariably, the role design needs to be changed to cater for this.

Former Member
In response to Former Member

‎07-15-2010 9:28 PM

0 Kudos

Alex,

Oki got it, it does impact the role design.

I was trying to state that a combination of HR standard role + structural authorization will work.

yes security controls have to be reworked on, I agree with you on this.

Former Member
In response to Former Member

‎07-15-2010 9:31 PM

0 Kudos

ah, got you. I misinterpreted your original post - sorry.

Former Member

‎07-15-2010 8:53 PM

0 Kudos

Vinaya,

Authorization switches should be ON if you are implementating Structural authorization and we have different switches for context security also.

if you want to implement general auth & structural together you will use context security.

Auth Switches are prequistes before starting structural auth & context security. without these , user will not get the results.

Impact is not thru Switches, but If you become too zealous and use too many or too complicated structural authorizations, the system response time can be dramatically affected. Certain % of users recognize the effect.

Thanks,

Sri

Edited by: sri on Jul 15, 2010 3:58 PM

Former Member

‎07-16-2010 8:28 AM

0 Kudos

Thankyou for your responses.

The reason i asked this question was, I was told by someone that there is a order in which these switches have to be activated in the system and certain other points to be taken care of for these to work as expected.

I wanted to know from somebody who has activated the switches before if there are any preparatory steps for the activation of these switches.

Thanks,

Vinaya

Former Member
In response to Former Member

‎07-16-2010 10:26 AM

0 Kudos

Vinaya,

There is no preparatory steps, based on requirement you will be activating the switches.For eg: implementing the stru auth you need to activate ORGPD to 1 perform rest of the steps

If you want to include additional check on HR master data ORGXX to 1.

If want to create custom specific auth object before creating object active object NNNNN to 1

Eg: In night,the moment you enter the house you switch the light...

Thanks,

Sri

Former Member
In response to Former Member

‎07-16-2010 11:00 AM

0 Kudos

> 

> Eg: In night,the moment you enter the house you switch the light...

Don't forget to put the lightbulb in......