Currently we are using standard role based security for HCM system(SAP ECC 6.), and client wants to go for Structural authorisation.
Current set up is like below.
Authorization object is - P_ORGIN
and Authorisation switch Values(OOAC) are like below
AUTSW ADAYS 15 HR: Tolerance Time for Authorization Check
AUTSW APPRO 0 HR: Test Procedures
AUTSW DFCON 1 HR: Default Position (Context)
AUTSW INCON 0 HR: Master Data (Context)
AUTSW NNCON 0 HR:Customer-Specific Authorization Check (Context)
AUTSW NNNNN 0 HR: Customer-Specific Authorization Check
AUTSW ORGIN 1 HR: Master Data
AUTSW ORGPD 0 HR: Structural Authorization Check
AUTSW ORGXX 0 HR: Master Data - Extended Check
AUTSW PERNR 0 HR: Master Data - Personnel Number Check
AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)
I need some help/Guidance on below.
1 We have employees with default positions 9* and do not have any organizational assignment(in IT0001), what switch should I enable and what should be the value(I have gone through the documentation alreadyt, but I need recommendation).in order to get the report on these employees
2 We have Employees with Positions starting 8* and 7* and do not have any organizational assignment(in IT0001), as these employees are not assigned with SAP default positions, how do I handle this in order to get the report on these employees. Is any body having similar situtation and what are the best practices are followed (Like usage of BADIs and Function Modules etc).
3. can authorisation switches DFCON and ORGPD can be enabled at the same time?
4. Whether DFCON will work along with P_ORGIN, because I did some testing but seems to be not working.
Responses will be highly appreciated and correct recommendations will be rewareded.
Thanks alot in advacne.