Skip to Content
avatar image
Former Member

Types/Uses for Context Structural Authorizations

Hello All

I'm looking to get some additional information around Contextual Structural Authorizations, and how to apply this to my current scenario:

HR Manager's primary responsibility is to be able to create/edit employee data using PA30 and other such transactions, however there should be no restriction whatsoever on who he can view/edit/create doing his primary responsibility as the HR Manager.

Same HR Manager also needs access to view and edit timesheets using transactions such as CAT3, CATS_DA for his own team using structural authorizations.

We also have many Managers in the company who use CAT3/CAT2/CATS_DA for timesheet reporting, and this should be the only Structural Authorization restriction needed.


I have created 2 test roles, 1 for Time Display and the other for HR Master Data. The Time Display role has P_ORGINCON, with the specific "Timesheet" PD Profile entered in PROFL. The HR Master Data role has P_ORGINCON with * value for PROFL.


Also, in OOAC the switch for INCON is set to 1 for HR: Master Data (Context).


Results: The Test ID can see their own employees per the org structure using CAT3. Also, the Test ID can view other employees in searching using PA30, however cannot "select" or modify any users outside their direct reports. Example: Employee1 reports to HR Manager, and Employee2 does not. When searching in PA30, both Employee1 and Employee2 are visible, however Employee2 cannot be selected and modified. Employee1 can successfully be selected and modified. I'm wondering if anyone could shed some light on what is preventing the Test ID from modifying all PERNRs using transactions like PA30/PA40

Much appreciated!

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • Apr 07, 2016 at 05:42 AM

    moved to HR

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 07, 2016 at 08:10 PM

    Hi Benhard,

    The standard practice is that for users who maintain data across org units do not get structural authorisations. Please note that structural authorisations uses the AND operator however you can exclude. You scenario is one of those complicated ones but it can be achieved via a function module.


    Here are the steps:

    Create a function module which returns direct reports for the manager

    Create another function module which returns the population he is allowed to manage via CATS

    Then create two different structural profiles and exclude accordingly. There is an exclude flag in the OOAW.


    If this is not clear get back to me.


    Thanks


    Dimtri


    Add comment
    10|10000 characters needed characters exceeded