
Structural Authorizations preventing a number of transactions

Former Member
0 Kudos

Scenario:

Structural authorizations have been set for Resource Management in PPM.

The standard switches that are being used:

AUTSW ADAYS 0 HR: Tolerance Time for Authorization Check
AUTSW APPRO 0 HR: Test Procedures
AUTSW DFCON 0 HR: Default Position (Context)
AUTSW INCON 0 HR: Master Data (Context)
AUTSW NNCON 0 HR: Customer-Specific Authorization Check (Context)
AUTSW NNNNN 0 HR: Customer-Specific Authorization Check
AUTSW ORGIN 1 HR: Master Data
AUTSW ORGPD 0 HR: Structural Authorization Check
AUTSW ORGXX 0 HR: Master Data - Extended Check
AUTSW PERNR 1 HR: Master Data - Personnel Number Check
AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)

By default, authorization profiles are assigned to all positions (this is a requirement from PPM).

The issue is structural authorization is restricting users from accessing any object which doesn't have an evaluation path.

For example, it is preventing users from creating work centers (Object Type = A).

Work Centers are not connected to HR structure here and should not be failing structural authorization checks.

Is there any way to prevent this, either by changing the switch values or by defining some generic evaluation paths (evaluation path with object value = *)? So far all our attempts to use a generic evaluation path have failed.

Any advice on this will be greatly appreciated.

- B

Accepted Solutions (1)

Former Member
0 Kudos

Thanks Sven for your help.

The issue has now been resolved. It was done through a change in the combination of switches and change in the structural authorization profile.

Switch settings:

AUTSW ADAYS 0 HR: Tolerance Time for Authorization Check
AUTSW APPRO 0 HR: Test Procedures
AUTSW DFCON 0 HR: Default Position (Context)
AUTSW INCON 0 HR: Master Data (Context)
AUTSW NNCON 0 HR: Customer-Specific Authorization Check (Context)
AUTSW NNNNN 0 HR: Customer-Specific Authorization Check
AUTSW ORGIN 1 HR: Master Data
AUTSW ORGPD 0 HR: Structural Authorization Check
AUTSW ORGXX 0 HR: Master Data - Extended Check
AUTSW PERNR 1 HR: Master Data - Personnel Number Check
AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)

Authorization profile settings:

Answers (1)

Former Member
0 Kudos

Hi,

Per default, all users have the same profile as SAP*, if they are not assigned in T77ua. Per default again, that's "ALL".

If it's not ALL, but you want all users to have access to all objects of type A (if they have access in auth object PLOG), then you have to

- assign a profile with objtype A and * to SAP*

- assign the same profile to all users, who have something else assigned in t77ua

Even if you use ALL for SAP*, you still need the second step, because in that case, as soon as you assign anything to a user in t77ua, they lose everything else they had before per default.
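
The fallback behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of the T77UA lookup, plus a check that lists users who would lose access once they get an explicit entry. The profile names Z_WORKCTR and Z_PPM_ORG, the user names and the object IDs are constructed; evaluation paths and the separate PLOG check are not modelled.

```python
# Simplified model of the structural-profile lookup (constructed data, not real
# table contents). t77ua maps user -> assigned profiles; profiles maps
# profile name -> list of (object type, object id) entries, "*" meaning any.

DEFAULT_USER = "SAP*"

PROFILES = {
    "ALL": [("*", "*")],                # modelled here as "everything"
    "Z_WORKCTR": [("A", "*")],          # hypothetical: all work centers
    "Z_PPM_ORG": [("O", "50000100")],   # hypothetical: one org unit
}

def effective_profiles(user, t77ua):
    """Explicit entries replace the SAP* default; they are not added to it."""
    return t77ua.get(user) or t77ua.get(DEFAULT_USER, [])

def can_access(user, otype, objid, t77ua, profiles=PROFILES):
    """True if any effective profile entry covers the object."""
    for name in effective_profiles(user, t77ua):
        for p_otype, p_objid in profiles.get(name, []):
            if p_otype in ("*", otype) and p_objid in ("*", objid):
                return True
    return False

def users_missing_profile(required, t77ua):
    """Users with explicit entries that do not include the required profile."""
    return sorted(
        user for user, assigned in t77ua.items()
        if user != DEFAULT_USER and assigned and required not in assigned
    )

# Before: SAP* has ALL, one PPM user has only an org-unit profile.
BEFORE = {"SAP*": ["ALL"], "PPMUSER1": ["Z_PPM_ORG"]}
# After both steps from the answer: generic profile on SAP* and on every
# user that has an explicit entry.
AFTER = {"SAP*": ["Z_WORKCTR"], "PPMUSER1": ["Z_PPM_ORG", "Z_WORKCTR"]}

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label,
              "PPMUSER1 work center:", can_access("PPMUSER1", "A", "10000001", table),
              "| missing Z_WORKCTR:", users_missing_profile("Z_WORKCTR", table))
```
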