
Structural or context auth - users with 2 tasks need always 2 profiles?

Former Member
0 Kudos

Hi all,

I have a question about structural authorizations or context sensitive:

We have Managers with MSS access (MSS role) for portal.

These have additional tasks e.g. time administrator. (SAP backend role)

If I use structural profile in MSS role, do I have to use always a structural profile for the e.g. time backend role? (and all other possible backend roles of this user)?

Or is there a possibility to use it only in MSS and let the backend role without a change?

We would prefer, to use structural only for MSS or portal tasks not in the backend. Is there another solution? We won't have 2nd userIDs.

I'm a bit confused after reading a lot of documentation.

Thanks in advance for your help.

Regards

Franky

-


Edited by: Frankyxx on Oct 23, 2011 2:09 PM

Edited by: Frankyxx on Oct 23, 2011 2:10 PM

6 REPLIES

Former Member
0 Kudos

Hi Franky,

I would recommend using context solution. Since you already have MSS structural profiles I think it is your best option. If you are worried about maintenance of assigning two structural profiles for these users I would recommend implementing BAdI HRBAS00_GET_PROFL (check this link: http://help.sap.com/saphelp_470/helpdata/en/a1/2c0a7241ecc64b8a78cca5c66de98c/frameset.htm).

-s

0 Kudos

Hi SaQ,

thanks for your answer!!!!

Maybe I did not explain very well what I wanted to know....

The BAdI seems more to avoid a lot of maintenance of T77UA.

My question was more, if there is ALWAYS the need,

for MSS + 2nd task,

to have

for MSS :

1 role incl. profile in field PROFL,

and for the 2nd task

1 role incl. profile in field PROFL,

Is this ALWAYS needed?

Or is it possible to use MSS role incl. PROFL and for 2nd task "REGULAR" authorizations (PROFL "*")?

(I think, the authorizations would be in addition, right?)

Is this explained better, what I want to know? Sorry.

Thanks

Regards

Franky

0 Kudos

> The BAdI seems more to avoid a lot of maintenance of T77UA.

Correct. I find it useful since when using context solution you normally end up assigning more than one structural profile for users.

> My question was more, if there is ALWAYS the need,

> for MSS + 2nd task,

> to have

> for MSS :

> 1 role incl. profile in field PROFL,

> and for the 2nd task

> 1 role incl. profile in field PROFL,

>

> Is this ALWAYS needed?

> Or is it possible to use MSS role incl. PROFL and for 2nd task "REGULAR" authorizations (PROFL "*")?

> (I think, the authorizations would be in addition, right?)

This is a confusing bit in HR authorisations so don't worry. I'll try to explain with an example, a fictitious case where a manager requires full read access to their own team and maintenance access to infotypes 2001 and 2002 for every single person in the company.

You have context solution active using P_ORGINCON and you have MSS structural profile called ZMSS which is currently the only assigned structural profile to our manager (entry in T77UA):

1.1 You give manager full read access to all of their own employees using P_ORGINCON:

Authorization level: M, R
Infotype: 0000-9999
Personnel Area: *
Employee Group: *
Employee Subgroup: *
Authorization Profile: ZMSS
Subtype: *
Organizational Key: *

This works well. You have now given full read access to every employee which is under our manager in organisational chart.

1.2 You try to give same manager also access to maintain infotypes 2001 and 2002 for everybody.

Authorization level: R, W
Infotype: 2001, 2002
Personnel Area: *
Employee Group: *
Employee Subgroup: *
Authorization Profile: *
Subtype: *
Organizational Key: *

This will not work because we have only ZMSS assigned to the manager so * refers only to ZMSS i.e. all subordinates. To make this work we would need to assign also profile ALL to manager in T77UA (then * in PROFL field will refer to both profiles).

Instead of assigning profile ALL to the manager I would change the authorisation profile field in 1.2. to ALL and then activate the BAdI. This would mean that I don't have to maintain T77UA at all; the manager has the MSS role assigned where the ZMSS structural profile is mentioned in the context of giving full read access to own employees, and this particular manager also has the Time Admin role assigned where structural profile ALL is given in the context of maintaining absences and attendances. It would be just double maintenance to go to T77UA to list those structural profiles, since when you assigned the roles to the user you had already made the decision to give those structurals, or otherwise your roles won't work.

's

0 Kudos

Hi SaQ!

Thank you very much for your long answer and the good and detailed explanation!!!!!

I have to try and test it.

Your explanation proves my assumption, that if I use 1 structural for first task, I need another structural for second task, right?

Otherwise (with only 1 structural) it will not work, right?

This is valid for all cases, right?

Thanks!!!!

Franky

Edited by: Frankyxx on Oct 26, 2011 5:54 PM

0 Kudos

Hi,

Try out this context solution.

1. Let the MSS role have Structural Profile as ZMSS in PROFL field of P_ORGINCON.

2. Ensure that Users are assigned with ZMSS through their position (PD Profile assignment through IT1017)

3. Let Time Administrator role have value * in PROFL field.

4. Assign ALL PD profile to the user's position in addition to ZMSS.

This will enable a user to perform MSS functionality on the Portal only on specific objects retrieved by ZMSS structural and in the backend the user can perform Time Admin activities on all employees (considering Time Admins are not restricted by PERSA, otherwise only on those employees falling under the relevant PERSA).

This is the most efficient context solution I have seen in such scenarios. The only disadvantage with this is data breach while BI reporting, as BI systems don't understand context solution.

Thanks,

Deb

0 Kudos

Hi Franky,

> Your explanation proves my assumption, that if I use 1 structural for first task, I need another structural for second task, right?

The case I described requires both profiles (ZMSS and ALL).

> Otherwise (with only 1 structural) it will not work, right?

With only one structural (ZMSS) the user has access to own subordinates only so Time Admin would be limited to that group.

> This is valid for all cases, right?

With context solution you can refer to structural profiles which have been assigned to the user. Using * is possible but it refers to structural profiles which have been assigned to the user using OOSB/1017 or with BAdI - not to all available structural profiles in OOSP.

's
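
The behaviour discussed in this thread (a `*` in PROFL expands only to the structural profiles assigned to the user, and each authorization is evaluated within its own profile context), as an added example that is not part of any participant's post and is not SAP code. It is a simplified Python model; the personnel numbers, the profile contents and the function names are constructed for illustration, and the matching rules are assumptions taken from the replies above.

```python
# Simplified model of the P_ORGINCON context check described in this thread.
# Not SAP code: profile contents and personnel numbers are constructed.

# Structural profile -> personnel numbers it resolves to (constructed data).
PROFILE_OBJECTS = {
    "ZMSS": {"00001001", "00001002"},                         # manager's own team
    "ALL": {"00001001", "00001002", "00002001", "00002002"},  # whole company
}

# P_ORGINCON authorizations of the two roles; infotypes are an inclusive range.
MSS_ROLE = {"levels": {"M", "R"}, "infotypes": ("0000", "9999"), "profl": "ZMSS"}
TIME_ROLE = {"levels": {"R", "W"}, "infotypes": ("2001", "2002"), "profl": "*"}
ROLES = [MSS_ROLE, TIME_ROLE]


def profiles_in_scope(profl, assigned):
    """'*' expands to the profiles assigned to the user, not to every profile."""
    if profl == "*":
        return set(assigned)
    # Assumption from the last reply: an explicit profile counts only if assigned.
    return {profl} & set(assigned)


def is_authorized(auths, assigned, pernr, infotype, level):
    """True if one authorization covers level, infotype and person together."""
    for auth in auths:
        low, high = auth["infotypes"]
        if level not in auth["levels"] or not (low <= infotype <= high):
            continue
        for profile in profiles_in_scope(auth["profl"], assigned):
            if pernr in PROFILE_OBJECTS[profile]:
                return True
    return False


def writable_absences(assigned):
    """Personnel numbers whose infotype 2001 the user can maintain."""
    everyone = sorted(PROFILE_OBJECTS["ALL"])
    return [p for p in everyone if is_authorized(ROLES, assigned, p, "2001", "W")]


if __name__ == "__main__":
    print("only ZMSS assigned: ", writable_absences({"ZMSS"}))
    print("ZMSS + ALL assigned:", writable_absences({"ZMSS", "ALL"}))
    # Context separation: ALL widens time maintenance, not the MSS read access.
    print("read 0008 outside team:",
          is_authorized(ROLES, {"ZMSS", "ALL"}, "00002001", "0008", "R"))
```
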