Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Context sensitive authorization

Former Member

‎08-16-2007 11:51 PM

0 Kudos

Hi all:

I am looking at whether Context sensitive authorization check is worth implementing in my organization. I have read sap help and some other documentation and all of them seem to suggest that when turning Context switch AUTSW-INCON to 1 we should turn off HR master data switch off AUTSW-ORGIN to 0. They can't be implemented simultenously. However in my case I think I could use if both of these switches are on so I can use context for some roles and not for others. When I tested this in a test client, it seems to be working fine with both switches set to 1. My question to you is: Is this possible and what are some impacts that I my encounter because of this? I would appreciate your input.

Thanks,

Netra

5 REPLIES 5

former_member74904
Contributor

‎08-17-2007 2:15 PM

0 Kudos

hi netra,

I can't think of a reason to use ORGIN and ORGINCON simultaneously.

what's the use of using both types of objects when you can use P_ORGINCON without specifying a PROFL. this will be identical to the P_ORGIN object.

have you SU24-ed the P_ORGINCON checks yet?

also, in your test-environment have you specified structural profiles at all? I would like to know whether that's working correctly as well.

Former Member
In response to former_member74904

‎08-17-2007 4:19 PM

0 Kudos

Thanks Dimitri,

I understand what you are saying but the roles here are already setup and functioning with P_ORGIN and most of these have manually inserted objects. If I implement just Context then I will need to change all the roles to replace ORGIN with ORGINCON. I think that is a quite a bit of work. If I can have them activated simultaneously then I can only change few roles where the solution is needed. No, I have not started working on SU24 yet and I am not sure how helpful it will be maintain this as most roles have manually inserted objects. And also in my test environment I have str. profile setup and i have specified them in my context object.

I appreciate your thoughts.

Thanks,

Netra

former_member74904
Contributor
In response to former_member74904

‎08-20-2007 10:53 AM

0 Kudos

hi again Netra,

I understand that it will be quite some work changing all P_ORGIN roles to P_ORGINCON. as a matter of fact I'm in the middle of doing so myself...

what I can tell you however, is that leaving the situation as you describe above, will result in poorer performance because now both objects will be checked at runtime.

I don't think you will notice on the testenvironment, but it could have a significant impact in a live productive system.

anyway, good luck on your project and let me know how things work out for you!

thanks,

dimitri

Former Member
In response to former_member74904

‎08-20-2007 4:58 PM

0 Kudos

Thanks Dimitri. I did not really think about performance issues, thanks! I am going to include ORGINCON and disable ORGIN as you suggested.

Thanks again,

Netra

sukhbir_singh3
Explorer

‎03-03-2008 6:47 PM

0 Kudos

Hi:

As soon as P_ORGINCON is switched on, old roles using P_ORGIN doesn't work even if P_ORGIN is on too. System starts complaining like "No read authorization for...".

So how can you use both at the same time? Roles need to be change? Am I missing something? Help will be appreciated.

Thanks

Sukhbir Singh