Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HR - filtering structural profiles OOSP

former_member577095
Participant

‎01-18-2012 1:45 PM

0 Kudos

Hi all,

using structural profiles (OOSP/OOSB) with the "context solution", we need to limit a manager since he should not be able to manage all CIDs above his organization unit in OM Structure.

When we assign to him a structural profile with RH_GET_MANAGER_ASSIGNMENT function, he is authorized to all CIDs above him (accordling with P_ORGIN and P_ORGINCON authorizations).

We want (as final result) to "substract" from the structural profiles output a little set of CIDs. In other words, the structural profile returns a set of O, S and P objects. We want to delete from the output list some CIDs (P IDs).

We are in a loop.

If we develop a custom function like RH_GET_MANAGER_ASSIGNMENT, it delivers some objects which will be used as input for the structural profile.

Is there a way to modify the logic of structural profiles (or a solution to our goal) ?

Andrea

2 REPLIES 2

Former Member

‎01-18-2012 2:27 PM

0 Kudos

There are many ways of doing this depends which one you like....

1. Create a custom Function Module which will perform end to end extraction of desired Objects. There is no need to pass on some inputs for evaluation path. Just while creating structural, keep everything blank except for the last column to put your custom FM. This is a technique to control Structural using FM only.

2. In a structural use two lines...one might be with standard FM, other one should pick specific objects which you don't want user to have access. Ensure to check exclude beside that line. The Intention is to remove undesired objects from populating in OOSB.

3. Implement a BADI which will be executed after RHBAUS* programs are run, whose objective should be to identify these CIDs and remove them from T77UU table or INDX or from OOSB.

Please do not confuse P_ORGINCON with structural authorization. The integration of PA and structural authorization is to provide different level of access to set of objects pulled by structural auth.

There can be plenty other ways to do it.....HR Security is a playground where multiple games can be played at a time

former_member577095
Participant
In response to Former Member

‎01-19-2012 6:32 PM

0 Kudos

Hi Deb,

we will try option 1.

Many thanks for your help.

Andrea