04-10-2008 9:31 AM
We encounter a problem with the setup of our structural authorization concept.
Our organization has the following organizational structure:
Institute
~ College A
~ ~ Unit AA
~ ~ ~ Department AAA
~ ~ ~ ~ Employee AAA1
~ ~ ~ Department B
~ ~ Unit AB
~ ~ ~ Department ABA
~ College B
~ ~ Unit BA
~ ~ ~ Department BAA
~ ~ ~ ~ Employee BAA1
~ ~ ~ Department BAB
Our structural authorization is based on the organizational structure which means that an employee can be authorized for a College, Unit or Department.
Example 1:
Employee AAA1, with department authorization, is authorized for Department AAA and does not see any information of other departments.
Example 2:
Employee BAA1, with Unit authorization, is authorized for Unit BA and is possible to view information of department BAA and Department BAB.
We want to extend our authorization so that Employee AAA1 and Employee BAA1 can VIEW all information of all colleges, units and departments. And still can change data of their own departments.
To solve this problem I already tried to use authorization object PLOG_CON and P_CM_PROC.
Both objects are not fully operational.
PLOG_CON:
Help text says NOTE: Do NOT use this authorization object. It does not work.
P_CM_PROC:
Help text says (Field PIQPROFL is not checked in release CM 4.64. therefore, its value is not important.)
Is there another solution for extending our authorization concept?
04-18-2008 8:39 PM
Ralph,
You should not worry about those Authorization Objects. Instead, simply create and assign TWO structural authorization profiles for each user. Each profile has a different starting point:
- The profile that has a read-only flag for the evaluation path starts at the top level.
- The profile that has write access starts at the lower level.
I hope this helps.
Michael
04-18-2008 8:39 PM
Ralph,
You should not worry about those Authorization Objects. Instead, simply create and assign TWO structural authorization profiles for each user. Each profile has a different starting point:
- The profile that has a read-only flag for the evaluation path starts at the top level.
- The profile that has write access starts at the lower level.
I hope this helps.
Michael
04-23-2008 2:34 PM
Thanks for the information!
The display function works for the student data but it is still possible to make a relationship between a student (ST) and a study (CS) object. This wouldn't be a problem in our situation because it is now possible to take over a student from another organization.