Structural authorization with Context Solution
I have a requirement. For example, I would like to restrict write access to IT 0001. A Manager should have read and write access to IT 0001 only for personnel#s under his org unit (for which he has a 'chief' position). For other personnel#s, he should have only read access to IT 0001.
We would like to use the Context Solution (P_ORGINCON authorization object). I have created a PD profile with the O-S-P evaluation path and RH_GET_MANAGER_ASSIGNMENT as the function module.
In the role, authorization object P_ORGINCON would have the following values (which give read and write access to IT 0001 for the Manager's org unit):
Authorization Level - R, M, W, E, D, S
Infotype - 0001
Personnel Area - *
Employee Group - *
Employee Subgroup - *
Subtype - *
Organizational Key - *
Authorization Profile - PD_PROFILE_1
The PD profile (PD_PROFILE_1) is restricted by the RH_GET_MANAGER_ASSIGNMENT function module, so it gives the list of personnel#s a Manager is authorized for in his org unit.
1: For my requirement, what values should be in the second authorization object to have read-only access to IT 0001 for all personnel#s? Do I have to use the P_ORGINCON authorization object with Authorization Profile as '*'?
2: When turning on the HR switch (transaction OOAC, table T77S0) for INCON (HR: Master Data (Context)) by setting it to 1, do we have to turn off the switch for ORGIN (HR: Master Data)?
3: If yes to question 2, do we have to update all transactions in SU24 to reflect P_ORGINCON for check/maintain instead of P_ORGIN, so that whenever we enter a transaction code in a role through PFCG, P_ORGINCON would be entered in the authorizations? Or is that not required?
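The requirement described in the post, as an added example that is not part of the original post and is not SAP code: a simplified Python model of a context-sensitive check, where one authorization must satisfy both the general fields and the structural profile, next to a check that evaluates the two parts independently. The personnel numbers, the profile name PD_PROFILE_ALL and the levels R, M in the second authorization are assumptions; the fields the post sets to '*' are left out.

```python
from dataclasses import dataclass

# Constructed sample data: personnel numbers each structural profile resolves to.
# PD_PROFILE_1 stands for the manager's own org unit (from the post);
# PD_PROFILE_ALL is a hypothetical profile that covers every person.
STRUCTURAL_PROFILES = {
    "PD_PROFILE_1": {"00001001", "00001002"},
    "PD_PROFILE_ALL": {"00001001", "00001002", "00002001", "00002002"},
}

@dataclass(frozen=True)
class OrginconAuth:
    levels: frozenset     # Authorization Level values
    infotypes: frozenset  # Infotype values, "*" matches any
    profile: str          # Authorization Profile (structural profile name)

def _matches(values, wanted):
    return "*" in values or wanted in values

def _general_ok(auth, infotype, level):
    return _matches(auth.levels, level) and _matches(auth.infotypes, infotype)

def _structural_ok(auth, pernr):
    return pernr in STRUCTURAL_PROFILES.get(auth.profile, set())

def is_authorized(auths, pernr, infotype, level):
    """Context model: a single authorization must pass both parts together."""
    return any(_general_ok(a, infotype, level) and _structural_ok(a, pernr)
               for a in auths)

def without_context(auths, pernr, infotype, level):
    """Contrast model: general and structural parts evaluated independently."""
    return (any(_general_ok(a, infotype, level) for a in auths)
            and any(_structural_ok(a, pernr) for a in auths))

# First entry mirrors the values listed in the post; second is the assumed
# read-only authorization for everyone else.
MANAGER_ROLE = [
    OrginconAuth(frozenset("RMWEDS"), frozenset({"0001"}), "PD_PROFILE_1"),
    OrginconAuth(frozenset("RM"), frozenset({"0001"}), "PD_PROFILE_ALL"),
]

if __name__ == "__main__":
    for pernr in ("00001001", "00002001"):
        for level in ("R", "W"):
            print(pernr, level,
                  "context:", is_authorized(MANAGER_ROLE, pernr, "0001", level),
                  "independent:", without_context(MANAGER_ROLE, pernr, "0001", level))
```

In this model, write access to a person outside the manager's org unit is refused only when level and profile are tied together in one authorization; evaluated independently, the write level from the first entry combines with the wider person set from the second.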