Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Context Authorization Switch

Former Member

‎01-18-2007 10:34 PM

0 Kudos

Hi,

We currently have Structural Authorization setup for Performance Appraisal access. But because of the context problem, the limited employee scope access from Appraisal's Structural Authorization overides the standard authorization for time entry access (which is supposed to have wider employee access scope). So, we want to try resolving the problem by setting up context authorization, using P_ORGXXCON. However, I found that as soon as I turned on this context switch, it impacted all users even those who did not have structural authorization assigned. i.e. Those who just have, e.g. time entry access only and no appraisal access. Users with just the time entry access wouldn't be able to access time info until I added the context authorization (P_ORGXXCON) with same infotypes and access level set in P_ORGXX <b>plus</b> a new structural authorization profile with just the employee access scope (wider scope).

Has anyone experienced the same? I mean, by turning on the context switch, it blocks all authorization access set in the system for P_ORGXX or P_ORGIN even though they don't require context authorization ? Or is it just something not set right on our system? HELP!!! Thanks in advance.

Winnie

Security Analyst

City of Vancouver, Canada

2 REPLIES 2

Former Member

‎01-21-2007 5:36 PM

0 Kudos

Winnie,

P_ORGXXCON

This is the extended check with context object used when HR infotypes are redited or read.

Check table T77UA and use only structural profiles that are enetered in this table in the PROFL field of the context authorization objects.

manohar_kappala2
Contributor

‎01-22-2007 10:42 AM

0 Kudos

Hi,

You can try one of the following options.

1)

In SU24 make the P_ORGXXCON Auth Obj's Check Indicator as "Do not check"

For Tcodes except the ones where you want it to be checked.

This is a better apporach provided u dont use strcutural auth for remaining tcodes.

2) The above method might not a good option on a long run as you might require to use structural auth later. So use SU24 to make this Auth Object Check and Maintain for all tcodes which have this object as check and later bring that auth object into ur AUTHROIZATIONS using expert mode in PFCG and mantain values.

This is a one time maintaining task and later makes it easy if you want to extend the strcutual auth to other areas too

Regards,

Manohar