04-23-2007 5:38 PM
can we give authorization in this transaction PPOCE
if there is a organisational structure,can i give authorization such that a user can assign only certain positions i.e; if he tries to assign work to certain positions- it shud say no access allowed.can we do it?????
if so wat is the authorization object and how do i it.kindly help if u know
thanks
renjy
04-23-2007 6:34 PM
Hi,
PPOCE is for creation of the root org unit and not for maintaining.
Perhaps you might be referring to PPOME.
You can control the access to the transaction as the you wanted by using
Role+Structural Authorizations.
In the role u need to give S_TCODE and P_TCODE with PPOME
The in the Auth Object PLOG
give infotype 1001
Planning status as per your sytem
Object Type P(position) and WI (work item)
Plan Version as per your system normally current plan is choosen.
Function Code DISP, INSE, COPY,AEND
Subtype you need to know the way these two are related (like A/B030, A/B007 etc) for this you need to trace and obtain that value.
Now this give access to Add a Work item to a position.
But for controlling this to a set of positions
create a PD profile (tcode oosp) with relevant evaluation path and attach that to a user ID (OOSB) . Then the user will be appropriately controlled.
Hope this helps
Cheers Manohar
Message was edited by:
Manohar Kappala
04-25-2007 10:44 AM
04-25-2007 11:42 PM
Hi Manohar,
Would you please send me complete step with two three example of HR security with two three roles created one. what is the difference between regular HR authorizaiton and structural authorization. So please send me to this email address happyman336@yahoo.com
Thanks
Happy
04-26-2007 10:27 AM
if u do send a reply to happyman sent a copy of that to this maid too renjyverghese@gmail.com
04-26-2007 8:23 PM
04-27-2007 2:51 PM
the difference between structural and 'standard' authorization is most easily described as follows:
the IT0001 (organizational assignment) screen is divided into 2 parts: enterprise structure and organizational structure.
the enterprise structure is what usually can be authorized through standard authorization (e.g. P_ORGIN --> personnel (sub)area, employee(sub)group, etc)
sometimes authorizing employees through these enterprise entities can lead to being authorized for too large a part of the HR population.
in this case it could be helpful to further restrict access with help of a structural profile.
if we were to take the following structural profile as an example :
(look in Tcode OOSP for fieldnames)
ZEXAMPLE | 10 | 01 | O | 5xxxxxxx | x | O-S-P | 12 |
(all other fields can be left blank)
so, the combination of the standard role (e.g. where the user is authorized for personnel area 1000) with this structural profile will delimit access to only employees within pers. area 1000 but who should also be 'under' organizational unt 5xxxxxxx. If one of these prerequisites is not met, the user won't be authorized.
with authorizations setup this way, plus the additional PLOG authorization mentioned in the above post, the user will only be allowed to maintain positions within the org. unit (5xxxxxxx) entered in the structural profile.
hope this helps a little...
04-27-2007 2:57 PM