Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Structural profile to exclude?

Former Member

‎04-19-2008 8:18 AM

0 Kudos

Dear gurus,

Considering the following scenario in OM:

Company XYZ O 50000000

>Org-unit A O 50000001

>Org-unit B O 50000002 <- HR Manager sitting in this unit B

>Org-unit C O 50000003

The authorisation requirements are so that, this HR Manager is allowed to have full maintenance access for all the employees under Company XYZ, except she cannot see the salaries of the people under org-unit B.

Can I maintain the authorisations in such way that I give the HR Manager two structural profiles:

profile 1) 50000000 with evaluation path O-O, 50000001 and 50000003 with evaluation path O-S-P, assign this to a PFCG role with full PA access to master data

Profile 2) 50000002 with evaluation path O-S-P, assign to a role with all infotypes, except IT0008

Will it work that way? Or does anyone have a better suggestion for this?

I thought of utilizing the PersAdmin field in IT0001, but it won't work due to the workflows implementation.

Thanks for your time!

-BT

3 REPLIES 3

Former Member

‎04-21-2008 7:57 AM

0 Kudos

Hi,

You would be able to use structural auths for this, have you implemented context senstive authorisations?

If you haven't then I don't see how you could achieve this - you can take a look at this link for the documentation:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d9c4230a-0a01-0010-31be-9213b185...

With auth object P_ORGINCON you could create two authorisations, one auth including 0008 with profile1 and another auth excluding 0008 with profile 2.

Regards

Former Member
In response to Former Member

‎06-28-2008 10:50 PM

0 Kudos

Using this scenario how would one link structural authorisation to roles in PFCG? The who posted this orginally was talking of linking it roles in PFCG is that possible at all or not?

former_member74904
Contributor
In response to Former Member

‎06-29-2008 10:36 AM

0 Kudos

fi you use contextual authorizations (e.g. P_ORGINCON) and also implement the BAdI GET_PROFL, the assigned structural profiles in the P_ORGINCON object(s) are automatically read from the PFCG role and put into table T77UA/T77UU.

if you do not use this approach, it is not possible to assign structural profiles through PFCG.