Solved: Structural Authorizations for Team Calender

Former Member · ‎12-04-2007

Hi Experts,

I am trying to set up structural authorizations for managers in ERP2004. We are implementing ESS/MSS on EP 6.0 SP20.

Structural Authorizations should meet the following goals.

Goal 1. Managers should not see data of employees from other org units.

Goal 2. Should display the employees in team calender.

Goal 3. Should display the Portal Reports that comes under "Reporting Workset" from Business Package for MSS HTMLB

I did the following to set up structural authorizations

1. Turned on the switch P_ORGPD in ooac

2. Created a authorization profile in oosp

No.: 10

Plan vers.: 01

Obj. type: O

Object ID: Blank

Maintenance: Checked this on

Eval.path: O-S-P

Status: 12

Depth:No entry

Sign: No entry

Period: no entry

Function module: RH_GET_MANAGER_ASSIGNMENT

3. Assigned the authorization profile to manager's position in PO13.

4. Ran the report "RHPROFL0"

5. Created a role Z_MSS and assigned the PLOG authorization object and P_ORGIN objects. I put " * "in all the fields. And assigned this role to manager.

Goal 1 above is achieved, But Goal 2 and Goal 3 are still pending.

Can you guide/advice me how to set up authorizations to see the people in Team Calender.

I really appreciate your help.

Thanks!

Matt_Fraser · ‎01-03-2008

You might need to put a value in the Depth field of your structural profile. I'm not sure what the effect of having that blank may be. In our case, for MSS usage, I put 5 in there, which allows the manager to see 5 levels of objects (not orgs) down the org structure from the starting point (org as determined by the function module).

Also, I did not use the delivered evaluation path of O-S-P but created my own, ZMSS. However, the major difference is only that I added qualifications and courses as objects, since our managers look at this for their employees.

As for the standard authorizations, I think in addition to PLOG and P_ORGIN objects (and you would definitely not want your managers to have * in all fields for P_ORGIN, but for a test that's all right), you will need S_SERVICE with the appropriate service names of type WEBDYNPRO for the various MSS functions, including TeamViewerApp, etc. There are also a number of RFC's needed in S_RFC to make this work. Check Notes 844639 and 798967 for suggestions as to which services need to be authorized for MSS. Note 853026 may also be of interest.

--Matt

Former Member · ‎12-05-2007

can anybody throw some light or direct me!

Former Member · ‎12-05-2007

Hello minisap...

Unfortunately for both of us I do not have experience with MSS, but I distinctly remember that funtion module being discussed a few times here already. Did you try a search here, in the HR topic forums, or the sap-google?

Kind regards,

Julius

Former Member · ‎12-10-2007

are there any books which directs on how to implement structural authorizations?

Former Member · ‎12-11-2007

A loud thought, --did you try the P_ERNR infotype for the tying the employees to the calender ? May be if you can somehow link this to the calender ...then may be !!

former_member74904 · ‎12-11-2007

could you copy-paste all the lines of your structural profile so we can have a look?

or does your profile only consist of this one line?

Former Member · ‎12-11-2007

No.: 10

Plan vers.: 01

Obj. type: O

Object ID: Blank

Maintenance: Checked this on

Eval.path: O-S-P

Status: 12

Depth:No entry

Sign: No entry

Period: no entry

Function module: RH_GET_MANAGER_ASSIGNMENT

This is the information i entered in one AUthorization profile.

I maintained PLOG, P_PERNR and P_ORGIN in one role and with '*' in every entry of the object just for testing if the configuration works. If the authorizaiton profile works, I can later change HR Authorization objects according to the requirement.

Thanks!

Former Member · ‎12-11-2007

Try putting *'s into P_ABAP and see what happens (as a test).

Kind regards,

Julius

Former Member · ‎01-03-2008

Hi Julius,

I have tried that one too, it did not help me. I have checked all the authorizations that Team Calender Needs through trace and built a role.

It seems I have to do some analysis on the Org Structure. I have heard if the org. structure is defined well, there may be a problem. Even I am unable to make Structural Authorizations to work!!

Any suggestions are more welcome and appreciated.

Regards!

Former Member · ‎01-03-2008

Hello minisap_g,

I would think that an org structure which is not well defined, would cause problems.

Sorry, I have to pass on the rest, as I do not know the answer.

Hopefully one of the HR gurus can "see it" and help from experience.

Kind regards,

Julius

Matt_Fraser · ‎01-03-2008

You might need to put a value in the Depth field of your structural profile. I'm not sure what the effect of having that blank may be. In our case, for MSS usage, I put 5 in there, which allows the manager to see 5 levels of objects (not orgs) down the org structure from the starting point (org as determined by the function module).

Also, I did not use the delivered evaluation path of O-S-P but created my own, ZMSS. However, the major difference is only that I added qualifications and courses as objects, since our managers look at this for their employees.

As for the standard authorizations, I think in addition to PLOG and P_ORGIN objects (and you would definitely not want your managers to have * in all fields for P_ORGIN, but for a test that's all right), you will need S_SERVICE with the appropriate service names of type WEBDYNPRO for the various MSS functions, including TeamViewerApp, etc. There are also a number of RFC's needed in S_RFC to make this work. Check Notes 844639 and 798967 for suggestions as to which services need to be authorized for MSS. Note 853026 may also be of interest.

--Matt

Former Member · ‎03-04-2008

can be solved without structural authorizations.

solution is based on the evaluation paths.