cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

structural authorization - two org structures

Go to solution
Former Member

on ‎05-25-2011 3:07 PM

0 Kudos

Hi Experts,

We have a requirement to implement structural authorization.

Requirement :

We have two org structure(old and new) within the same plan version (current).

Currently there are roles giving maintenance access to all the OM objects.

Now we have to create a structural profile to give display access to all objects in the new structure except job ; Also, all the maintenance access to old structure should still exist.

1. We still are not sure if the structural profile would work if the current roles are not amended accordingly. Is there any work around.

2. we need to give access to job object. if we restrict maintain access to all other objects is it possible to create relationship between job and position

Please advise

Brinda

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-25-2011 6:08 PM
0 Kudos

Hi

You are right, we need to create two profiles one giving access to existing structure and other other giving display access to the new profile.

Currently the new structure isnt there in production. But would be in prod soon.

I want to know how the structural profile will behave when it is assigned to a role which is already having * access.

Will the * access override this role.

Show replies
Show replies
lukemarson
Active Contributor
‎05-25-2011 9:46 PM
0 Kudos

Hi Brinda,

I would strongly advise against putting this second org structure into Production on the same Plan Version as your production org structure. Apart from the structural authorization issues there are other issues that can occur. Plan Versions were created for such uses so you should persuade your client to use the correct method. This will then remove your structural authorization issue in the Production client plus any other issues (Company Codes, Pers Areas/Subreas, EE groups etc).

Best regards,

Luke

Former Member
‎05-26-2011 8:42 AM
0 Kudos

Thanks Luke,

We are going to have the new org structure in the same plan version.

Now, my doubt is, 1, what will happen when a general authorization and structural authorization intersects.

2. If I restrict maintain access to all objects except job, can i maintain relationship between job and position.

Also what evaluation path i should use for job.

regards,

brinda

Former Member
‎05-26-2011 4:35 PM
0 Kudos

Hi brinda

1. When general & structurals overlap, the master data will be restricted by evaluation path selected in the assigned structural authorisation profile.

2. You may use evaluation path C_S_O or O_S_C if this suits your requirement.

Former Member
‎05-27-2011 1:40 AM
0 Kudos

Hi Brinda,

It will be very difficult to get your described authorisations working correctly without different plan versions. Main reason would be that PD structures do not support context solution (PLOG object has also PLOG_CON version but it is not working).

If you would have two different plan versions you might be able to fulfil your requirement even without structural authorisations. You may also endup creating very heavy structural authorisation which will lead to performance issues. There is standard reports to buffer authorisations but drawback is that your users will not have upto date access if changes has happend after buffering.

Regarding your question about structurals and general authorisations intersecting and if you want to give authorisation to only display jobs but allow assigning jobs to positions: you need to give maintain access to jobs in structural profile. Then you have to limit the maintain access using PLOG object in general authorisation to objects C and S and infotype 1001 and subtypes A007 and B007. Display access to everything else.

So it maybe possible to implement the scenario what you said but I would strongly recommend what Luke said in the first place: try to pursue the team to use alternate plan version.

Cheers,

Saku

Former Member
‎05-27-2011 1:45 AM
0 Kudos

Thanks Luke and Saku.

Thanks a lot for your time and input.

Regards,

Brinda L

Former Member
‎05-27-2011 1:48 AM
0 Kudos

thanks minttea

Answers (1)

Answers (1)

lukemarson
Active Contributor
‎05-25-2011 4:56 PM
0 Kudos

Hi Brinda,

I hope this isn't in Production! The user of Plan Versions to create your current org structure and in the active plan version (e.g. 01) and then any other structures in another plan version.

I can't see how structual authorizations can work on both structures - maybe you need 2 sets of authorizations, one for each structure. Have you investigated this?

Best regards,

Luke

Show replies
Show replies
Ask a Question