structural authorization - two org structures
We have a requirement to implement structural authorization.
We have two org structure(old and new) within the same plan version (current).
Currently there are roles giving maintenance access to all the OM objects.
Now we have to create a structural profile to give display access to all objects in the new structure except job ; Also, all the maintenance access to old structure should still exist.
1. We still are not sure if the structural profile would work if the current roles are not amended accordingly. Is there any work around.
2. we need to give access to job object. if we restrict maintain access to all other objects is it possible to create relationship between job and position
Saku Suppala replied
It will be very difficult to get your described authorisations working correctly without different plan versions. Main reason would be that PD structures do not support context solution (PLOG object has also PLOG_CON version but it is not working).
If you would have two different plan versions you might be able to fulfil your requirement even without structural authorisations. You may also endup creating very heavy structural authorisation which will lead to performance issues. There is standard reports to buffer authorisations but drawback is that your users will not have upto date access if changes has happend after buffering.
Regarding your question about structurals and general authorisations intersecting and if you want to give authorisation to only display jobs but allow assigning jobs to positions: you need to give maintain access to jobs in structural profile. Then you have to limit the maintain access using PLOG object in general authorisation to objects C and S and infotype 1001 and subtypes A007 and B007. Display access to everything else.
So it maybe possible to implement the scenario what you said but I would strongly recommend what Luke said in the first place: try to pursue the team to use alternate plan version.