cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Structural Authorization for Appraisal

Former Member

on ‎12-26-2006 2:23 AM

0 Kudos

Hi,

Would like to seek advice on the following problem.

I have created a structural authorization to allow the Head of IT Dept to view the appraisals of his staff. This means the Head of IT Dept cannot view the appraisals belonging to staff of other departments.

However, a staff from another department ( Engineering Dept ) requires to submit his appraisal to the Head of IT Dept. Due to the structural authorization, the Head of IT Dept is now unable to see the appraisal of the Engineering Dept staff. This can be solved if I include the Engineering Dept in the structural authorization for the Head of IT Dept.

However, this gives rise to another problem. Because the Engineering Dept is in the structural authorization for the Head of IT Dept, the Head of IT Dept is able to view the appraisals for all the staff in Engineering Dept. This is not correct.

How do I overcome this error ?

Thanks.

regards,

Tim

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

manohar_kappala2
Contributor
‎12-28-2006 9:08 AM
0 Kudos

Hi,

This can be solved if you are using the P_ORGINCON and P_ORGXXCON auth objects.

For this you need to activate in through transaction OOAC Switches:

1)HR: Master Data (Context)

2)HR: Master Data - Enhanced Check (Context)

Also you need to activate a BADI too.

Once its done you will be able to use these Auth Obj.

Now create two separate instances of

each of these Objects:

for eg for P_ORGINCON divide the values as follows:

Instance 1:

INFTY Infotype : same as P_ORGIN

SUBTY Subtype : same as P_ORGIN

AUTHC Authorization level

PERSA Personnel Area: IT Dept specific

PERSG Employee Group: IT Dept specific

PERSK Employee Subgroup: IT Dept specific

VDSK1 Organizational Key

PROFL Authorization Profile give PD profile pertaining to IT Dept

Instance 2:

INFTY Infotype :

SUBTY Subtype :

AUTHC Authorization level

PERSA Personnel Area: Engg Dept

PERSG Employee Group: Engg Dept specific

PERSK Employee Subgroup: Engg Dept specific

VDSK1 Organizational Key

PROFL Authorization Profile give PD profile pertaining to Engg Dept

Control the second one so that he is able to access only the employees from Engg dept whom the IT head needs access to.

Let me know if you have any doubts around it.

Regards,

Manohar

Show replies
Show replies
Former Member
‎12-28-2006 1:42 PM
0 Kudos

Hi Manohar,

thanks very much for your reply. this is very helpful. I have a better understanding now.

Just like to clarify the following concerning Instance 2.

1. How do I control which Engineering employee the IT Head can access? I only know how to control at org unit level but not at employee level.

My PD profile is as listed.

Plan Version: 01

Object Type: O

Object ID: 583 ( This is the org unit number of the Engineering Dept )

Maintenance: Checked

Evaluation Path: O-S-P

Status Vector: 12

Is there a different Evaluation Path to control access at employee level ?

2. My situation is a bit tricky. The PD profile ( Instance 2 ) must allow staff from Engineering Dept to send appraisals to the IT Head. The IT Head is only allowed to access appraisals of Engineering staff who send their appraisal to him. Not all Engineering staff send their appraisal to the IT Head.

Here comes the tricky part . We do not know in advance which Engineering staff will be sending their appraisal to the IT Head.

Sounds strange, right !!

Am grateful for your help. Thanks.

Best Regards,

Tim

manohar_kappala2
Contributor
‎12-29-2006 5:53 AM
0 Kudos

Well in that case,

you can ask the functional team to set up a Org Key which can add an extra control... inaddition to the Structural Authorization.

So this would ensure that the person has the right for only those employs of the IT Dept which match the req for both Strcu Auth and Org Key.

I think this should solve your problem

Let me know if this helps.

Do award points if this is helpful...

Refer to the below to get an Idea of what Organizational Key is:

<b>Set up organizational key</b>

In this step, you can carry out an additional organizational assignment for your employees. By using the organizational key, you can refine both the enterprise and the personnel structure. The organizational key is made up of a 14-character field. You can determine the structure of this yourself.

You can use all the elements of the organizational structure (all the fields in the infotype Organizational Assignment 0001) to define the organizational key. To enable you to do this, you can choose from fields that are shown, such as 'company code', 'employee group', 'organizational unit', 'administrator group', as well as from the hidden fields 'formatted employee name' (for example Dr. Fritz Meier) and 'employee name for sorting' (for example MEIER FRITZ). As before, specific control tables and rules tables are also provided for you.

The organizational key is part of the authorization check in the HR Human Resources) module, this means you can revise the authorization check by using the organizational key.

Example

You want to define an access authorization at the cost center level.

You want to define an authorization check based on the first letter of the surname.

Activities

1. Define the link Organizational key control <-> Employee when you maintain the feature Organizational key (VDSK1).

2. Determine the organizational key control.

a) In the field Variable key, set up the variable key in accordance with the return code of the feature VDSK1.

b) By using the field Default/validation, you can control how the system should proceed when assigning the organizational key in the infotype Organizational Assignment (0001).

The following characteristics for the field Organizational key (P0001-VDSK1) are available:

Setting Characteristic

1 optional entry without validation

2 optional entry with validation

3 required entry with validation

4 default which cannot be overwritten

5 default without validation which can be overwritten

6 default with validation which can be overwritten

7 default with validation which cannot be overwritten

Note

If you use indicators that produce a default, i.e. if you use 4, 5, 6 or 7, you must also maintain the creation rules.

If you use an indicator that carries out a validation, i.e. 2, 3, 6 or 7, you must also maintain "Validation" (point 4).

c) Determine the rules for creating the organizational key. To do this, you must enter the key for the creation rule.

3. If necessary, define the creation rule.

To define a creation rule, you must store values in several fields:

a) By using the field Creation rule, you can determine the key under which the creation rule is defined.

b) By using the field Number, you can determine in which sequence, the fields from infotype Organizational assignment are used to create the organizational key.

c) Enter the name of the field from the infotype Organizational Assignment which is to be used to create the organizational key.

d) By using the fields Length and Offset, you can determine which part of the field called up from infotype Organizational Assignment is included in the organizational key.

If you do not make an entry in the fields Length and Offset, the system will automatically propose the length of the field, that is defined in the ABAP/4 Dictionary; the offset has the value 0.

4. If necessary, determine the validations.

If you have chosen an entry with validation, you must list all the permissible entries for the organizational key here.

a) The field Hierarchy is not used in the SAP Standard System and has the value 1 when called up.

b) In the field Organizational key, enter the values that are to be used for the validation against the values in the field Org.key when you maintain infotype Organizational assignment (0001).

cheers

Manohar

Message was edited by:

Manohar Kappala

Former Member
‎12-29-2006 2:29 PM
0 Kudos

Hi Manohar,

Thanks again. This is a good idea. Will work with my developers to try this out.

Wishing you a very joyous New Year.

Best Regards,

Tim

Ask a Question