01-18-2007 10:34 PM
Hi,
We currently have Structural Authorization setup for Performance Appraisal access. But because of the context problem, the limited employee scope access from Appraisal's Structural Authorization overides the standard authorization for time entry access (which is supposed to have wider employee access scope). So, we want to try resolving the problem by setting up context authorization, using P_ORGXXCON. However, I found that as soon as I turned on this context switch, it impacted all users even those who did not have structural authorization assigned. i.e. Those who just have, e.g. time entry access only and no appraisal access. Users with just the time entry access wouldn't be able to access time info until I added the context authorization (P_ORGXXCON) with same infotypes and access level set in P_ORGXX <b>plus</b> a new structural authorization profile with just the employee access scope (wider scope).
Has anyone experienced the same? I mean, by turning on the context switch, it blocks all authorization access set in the system for P_ORGXX or P_ORGIN even though they don't require context authorization ? Or is it just something not set right on our system? HELP!!! Thanks in advance.
Winnie
Security Analyst
City of Vancouver, Canada
01-21-2007 5:36 PM
Winnie,
P_ORGXXCON
This is the extended check with context object used when HR infotypes are redited or read.
Check table T77UA and use only structural profiles that are enetered in this table in the PROFL field of the context authorization objects.
01-22-2007 10:42 AM
Hi,
You can try one of the following options.
1)
In SU24 make the P_ORGXXCON Auth Obj's Check Indicator as "Do not check"
For Tcodes except the ones where you want it to be checked.
This is a better apporach provided u dont use strcutural auth for remaining tcodes.
2) The above method might not a good option on a long run as you might require to use structural auth later. So use SU24 to make this Auth Object Check and Maintain for all tcodes which have this object as check and later bring that auth object into ur AUTHROIZATIONS using expert mode in PFCG and mantain values.
This is a one time maintaining task and later makes it easy if you want to extend the strcutual auth to other areas too
Regards,
Manohar