Skip to Content
author's profile photo Former Member
Former Member

SAP ESS MSS default authorization object


Hi All,

As we already know, we have ESS and MSS roles exists in SAP HCM. Please suggest me the default authorization object for the ESS and MSS roles.

We have already roles embedded with P_ORGIN and P_PERNR, but need confirmation whether P_ORGIN is mandatory or P_PERNR is mandatory.

Thanks in Advance.

Add a comment
10|10000 characters needed characters exceeded

Related questions

4 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Dec 26, 2013 at 04:24 PM

    hi ,

    add these also

    s_service

    s_rfc

    p_pernr

    plog

    p_orgin

    p_orgincon

    p_hap_doc

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 27, 2013 at 05:36 AM

    Hi,

    Thank you for all your quick response.

    As of now we have added all the above authorization objects in the roles, but we are trying to build a context solution for all the existing roles where P_ORGIN will be replaced by P_ORGINCON authorization object.

    In this case will the ESS and MSS role will works for P_ORGINCON authorization object without any mismatch...

    Thanks in advance.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Yes, once context solution is enabled, P_ORGIN can no longer be used. You need to modify all your roles which has this object and replace it with P_orgincon.

      Authorization profile refers primarily to structural authorization profile (also known as PD profile) in transaction OOSP/OOSB. This is used to restrict access to employees/objects.

  • author's profile photo Former Member
    Former Member
    Posted on Dec 26, 2013 at 12:55 PM

    Hi Hima,

    Both the authorization objects P_ORIGIN and P_PERNR are mandatory and required authorization must be there so that ESS/MSS users can make use of all the applications.

    Check the standard single role : SAP_EMPLOYEE_IN_ESS_WDA_2 and also check the composite role SAP_EMPLOYEE_ESS_WDA_2 and the authorization objects included in the role which will be helpful for you.

    Hope this information solves your issue.

    Regards,

    Mithun K

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 26, 2013 at 12:55 PM

    hi ,

    better make those and additional are also there

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.