Types/Uses for Context Structural Authorizations
I'm looking to get some additional information around Contextual Structural Authorizations, and how to apply this to my current scenario:
HR Manager's primary responsibility is to be able to create/edit employee data using PA30 and other such transactions, however there should be no restriction whatsoever on who he can view/edit/create doing his primary responsibility as the HR Manager.
Same HR Manager also needs access to view and edit timesheets using transactions such as CAT3, CATS_DA for his own team using structural authorizations.
We also have many Managers in the company who use CAT3/CAT2/CATS_DA for timesheet reporting, and this should be the only Structural Authorization restriction needed.
I have created 2 test roles, 1 for Time Display and the other for HR Master Data. The Time Display role has P_ORGINCON, with the specific "Timesheet" PD Profile entered in PROFL. The HR Master Data role has P_ORGINCON with * value for PROFL.
Also, in OOAC the switch for INCON is set to 1 for HR: Master Data (Context).
Results: The Test ID can see their own employees per the org structure using CAT3. Also, the Test ID can view other employees in searching using PA30, however cannot "select" or modify any users outside their direct reports. Example: Employee1 reports to HR Manager, and Employee2 does not. When searching in PA30, both Employee1 and Employee2 are visible, however Employee2 cannot be selected and modified. Employee1 can successfully be selected and modified. I'm wondering if anyone could shed some light on what is preventing the Test ID from modifying all PERNRs using transactions like PA30/PA40