SAP for Higher Education and Research Discussions
Spark conversations about student engagement, research optimization, and administrative efficiency using SAP in higher education and research. Join in!
cancel
Showing results for 
Search instead for 
Did you mean: 

Structural authorization concept

r_hermans2
Discoverer
0 Kudos

We encounter a problem with the setup of our structural authorization concept.

Our organization has the following organizational structure:

Institute

~ College A

~ ~ Unit AA

~ ~ ~ Department AAA

~ ~ ~ ~ Employee AAA1

~ ~ ~ Department B

~ ~ Unit AB

~ ~ ~ Department ABA

~ College B

~ ~ Unit BA

~ ~ ~ Department BAA

~ ~ ~ ~ Employee BAA1

~ ~ ~ Department BAB

Our structural authorization is based on the organizational structure which means that an employee can be authorized for a College, Unit or Department.

Example 1:

Employee AAA1, with department authorization, is authorized for Department AAA and does not see any information of other departments.

Example 2:

Employee BAA1, with Unit authorization, is authorized for Unit BA and is possible to view information of department BAA and Department BAB.

We want to extend our authorization so that Employee AAA1 and Employee BAA1 can VIEW all information of all colleges, units and departments. And still can change data of their own departments.

To solve this problem I already tried to use authorization object PLOG_CON and P_CM_PROC.

Both objects are not fully operational.

PLOG_CON:

Help text says “NOTE: Do NOT use this authorization object. It does not work.”

P_CM_PROC:

Help text says “(Field PIQPROFL is not checked in release CM 4.64. therefore, its value is not important.)”

Is there another solution for extending our authorization concept?

1 ACCEPTED SOLUTION

former_member583013
Active Contributor
0 Kudos

Ralph,

You should not worry about those Authorization Objects. Instead, simply create and assign TWO structural authorization profiles for each user. Each profile has a different starting point:

- The profile that has a read-only flag for the evaluation path starts at the top level.

- The profile that has write access starts at the lower level.

I hope this helps.

Michael

View solution in original post

2 REPLIES 2

former_member583013
Active Contributor
0 Kudos

Ralph,

You should not worry about those Authorization Objects. Instead, simply create and assign TWO structural authorization profiles for each user. Each profile has a different starting point:

- The profile that has a read-only flag for the evaluation path starts at the top level.

- The profile that has write access starts at the lower level.

I hope this helps.

Michael

r_hermans2
Discoverer
0 Kudos

Thanks for the information!

The display function works for the student data but it is still possible to make a relationship between a student (ST) and a study (CS) object. This wouldn't be a problem in our situation because it is now possible to take over a student from another organization.